Alon Bar-Lev has posted comments on this change. Change subject: aaa: Remove userId parameter from LogoutUserCommand ......................................................................
Patch Set 1: Hi! """ Anyway in all cases sessionId of user that should be logouted have to passed as a parameter. And in case 3. we should also pass sessionId of admin user that executed logout of other user. """ not sure I understand... as far as I know, every command sets the session id of current session without ability to override. this is how user commands should look like, so you do not accidentally enter other security domain. terminate session must be a different command, much like the restapi I guess, as it does provide explicit session id and can enter a different context, provided the authenticated user is superuser. what am I missing? -- To view, visit https://gerrit.ovirt.org/38403 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia33c7dfd908c68ac06b717c0452e3de4564f35a7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Martin Peřina <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Martin Peřina <[email protected]> Gerrit-Reviewer: Oved Ourfali <[email protected]> Gerrit-Reviewer: Ravi Nori <[email protected]> Gerrit-Reviewer: Yevgeny Zaspitsky <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: No _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
