Hi Claudio, that was needed to avoid checks on client side and server side. In this way security checks run at server side only.
Lvc@ On 21 February 2014 15:48, Claudio <[email protected]> wrote: > Things can be worse if I try to manipulate the roles collection. > Using the local connection, this code works: > ouser.getRoles().remove(oldORole); > ouser.addRole(newORole); > ouser.save(); > > If I use a remote connection, the remove() statements simply does nothing > because the oldORole doesn't belong to the roles set. > > > > Il giorno venerdì 21 febbraio 2014 15:38:42 UTC+1, Claudio ha scritto: > >> Hi guys! >> I think I found a strange behaviuor using remote connection with Java API. >> >> If I take the current connected user (for example admin) and want to know >> its roles, the collection contains just a "dummy" role: passthrough >> OUser user=(ODatabaseRecordTx)ODatabaseRecordThreadLocal. >> INSTANCE.get().getUser(); >> Set<ORole> roles=user.getRoles(); >> >> roles contains ["passthrough"] instead of ["admin"] >> >> I have inspected the code and I have found that the "magic" happens in >> ODatabaseRecordAbstract.open() at line 161: >> // REMOTE CREATE DUMMY USER >> user = new OUser(iUserName, >> OUser.encryptPassword(iUserPassword)).addRole(new >> ORole("passthrough", null, >> ORole.ALLOW_MODES.ALLOW_ALL_BUT)); >> >> I don't know why you made this, but in this way the behaviour of the API >> changes between local and remote connection. >> Because the result of OUser.getRoles() changes and can not be predictable >> but depends on connection type. >> >> However, via Java API, is there a short way to get the "real" roles >> avoiding a select statement? >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
