On Feb 7, 10:59 pm, KaiGai Kohei <[email protected]> wrote:
> However, the thread-B may call store_item() earlier than thread-A.
> In this case, the thread-B also checks permission to *create* a new one.
> As a result, the thread-A updates an existing item, although security
> stuff allowed to create a new item.
> (For example, thread-B assigns a different user-id from thread-A.)

  I don't see how this is different from what "add" has to do
already.  Multiple things can happen concurrently.  You define what is
correct, then do what you need to do to make your engine do it.  If
you need to lock and check permissions before you take final action,
then that's what you need to do.

> * Capability to load multiple (stackable) engine modules.

  I do this in bucket engine.

> * Capability to store security attribute of the item and connection.

  I do this in bucket engine (just the connection side, I have no need
to do anything on the item side, but the engine controls the shape of
the item completely).

> * Hooks to make access control decision.

  I do this in bucket engine.


  ... I sent you pointers to this in the past.  You seem to be
repeatedly asking for things I've already shown are working.  You've
also brought up some good points where we need to make improvements.

  I do think it'd be good if you aim for a version that sits within
its own project running entirely as an engine and try to isolate the
things that you can't possibly do (vs. paths that are less
desirable).  Feel free to harvest as much of bucket engine as you can
to make it easier to hack something together.

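The "lock and check permissions before you take final action" point from the reply above, as an added example; it is not code from this thread, from memcached, or from bucket engine. Every name, the permission bits and the owner-match policy are assumptions, and the race is replayed by letting connection B store first.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

enum { PERM_CREATE = 1, PERM_UPDATE = 2 };        /* assumed permission bits */
enum { ST_OK = 0, ST_DENIED = -1, ST_FULL = -2 };
struct conn { int uid; int perms; };              /* per-connection security attribute */
struct item { char key[32], val[32]; int owner, used; };
static struct item table[8];
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;

/* key != NULL: slot holding that key; key == NULL: first free slot. Call with the lock held. */
static struct item *find(const char *key) {
    for (int i = 0; i < 8; i++)
        if (key ? (table[i].used && strcmp(table[i].key, key) == 0) : !table[i].used)
            return &table[i];
    return NULL;
}

/* Create-vs-update is decided, and the matching permission checked, under the
   same lock as the write, so no other thread can change the answer in between. */
int store_item(const struct conn *c, const char *key, const char *val) {
    int rc = ST_OK;
    pthread_mutex_lock(&table_lock);
    struct item *it = find(key);
    if (it) {                                     /* key exists: this is an update */
        if (!(c->perms & PERM_UPDATE) || it->owner != c->uid) rc = ST_DENIED;
    } else if (!(c->perms & PERM_CREATE)) {       /* key absent: this is a create */
        rc = ST_DENIED;
    } else if ((it = find(NULL)) == NULL) {
        rc = ST_FULL;
    } else {
        it->used = 1; it->owner = c->uid;
        snprintf(it->key, sizeof it->key, "%s", key);
    }
    if (rc == ST_OK) snprintf(it->val, sizeof it->val, "%s", val);
    pthread_mutex_unlock(&table_lock);
    return rc;
}

int main(void) {                                  /* constructed connections */
    struct conn a = {1, PERM_CREATE}, b = {2, PERM_CREATE};
    int rb = store_item(&b, "k", "from-b");       /* B gets there first: create */
    int ra = store_item(&a, "k", "from-a");       /* A's store is now an update: denied */
    printf("B=%d A=%d owner=%d\n", rb, ra, find("k")->owner);
    return 0;
}
```

Because A's request is re-classified as an update once B's item exists, A's create-only permission no longer lets it overwrite an item owned by a different user-id.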