Martin Peřina has posted comments on this change. Change subject: aaa: Remove userId parameter from LogoutUserCommand ......................................................................
Patch Set 1: > Hi! > > """ Anyway in all cases sessionId of user that should be logouted have to > passed as a parameter. And in case 3. we should also pass sessionId of admin > user that executed logout of other user. """ > > not sure I understand... as far as I know, every command sets the session id > of current session without ability to override. this is how user commands > should look like, so you do not accidentally enter other security domain. Yes, but GWT and/or REST exist outside backend command infrastructure. So every REST API or GWT call passes current user session id as a part of command parameters (attribute sessionId). And this parameter is on the backend interface parsed and used to create command context with correct sessionId > > terminate session must be a different command, much like the restapi I guess, > as it does provide explicit session id and can enter a different context, > provided the authenticated user is superuser. Sure, I agreed that TerminateSessionCommand should be standalone. I only said that this command parameters should contain sessionId of a admin user that executed it (see above) and id of the session of the user that admin wanted to logout -- To view, visit https://gerrit.ovirt.org/38403 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia33c7dfd908c68ac06b717c0452e3de4564f35a7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Martin Peřina <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Martin Peřina <[email protected]> Gerrit-Reviewer: Oved Ourfali <[email protected]> Gerrit-Reviewer: Ravi Nori <[email protected]> Gerrit-Reviewer: Yevgeny Zaspitsky <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: No _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
