Ronald Wildenberg wrote: > I think the described changes are a great improvement. The separation > between User and UserContext has presented me with similar problems, but > one is missing, I think. > > In some pieces of code I call Authorization.check(UserContext, int, > Operation) myself. This method needs a UserContext object, which I build > from Cloud.getUser().getIdentifier() since it cannot be retrieved any > other way. Can the signature of Cloud.getUser() be changed to return a > UserContext (or can a method Cloud.getUserContext() be added)? > Well, the proposal was just to not make the difference any more. So indeed I proposed to make Cloud.getUser() to return a UserContext, so you could simply feed it to the check-methods of authorisation implementaiton without any trickery.
We could also try backwards-compatibility with a new method cloud.getUserContext() and so on. I won't object that, but initially I'd be inclined to clean this stuff up, rather then make it even woolier. > And then a question out of curiosity: what does the method > getDefaultApplication(int) do? I do not see an equivalent method in the > current CloudTag. Or is it mapped to the authenticate attribute on > CloudTag? Yes, that's it. The 'int' represents the 'method'. There is a long standing confusion about that term too (security 'application' vs 'authenicate'), I don't know if it can be solved. Perhaps we should opt for calling it 'application' rigourously, the 'authenticate' attribute of cloud-tag being deprcated and duplicated by a 'application' attribute. Or perphaps the inverse? > About the anonymous cloud issue I talked about earlier, I certainly > think it is related. If I explicitly state in every mm:cloud tag I would > like to use a particular authentication implementation (<mm:cloud > method="sessiondelegate" authenticate="entree">), I do not like to see > an attempt to use an anonymous cloud. If the security implementation is > able to define what the preferred authentication method will be, I also > would like to see only that one used. I will keep it in mind. Thanks for the feedback. Michiel -- Michiel Meeuwissen mihxil' Mediacentrum 140 H'sum [] () +31 (0)35 6772979 nl_NL eo_XX en_US _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
