Hi Luca, thanks for the answer. I understand your point, but I think that public APIs that are exposed to the developers should be consistent and they have to behave in a deterministic way. In this case, on the contrary, the OUser.getRoles() API returns different information depending on the connection type established with the DB.
Maybe you could think about performing a select on the remote db to retrieve the roles only if the API is not called while opening the connection.
My 2 cents. :)

On Friday, 21 February 2014 18:52:06 UTC+1, Lvc@ wrote:
>
> Hi Claudio,
> that was needed to avoid checks on client side and server side. In this
> way security checks run at server side only.
>
> Lvc@
>
> On 21 February 2014 15:48, Claudio <[email protected]> wrote:
>
>> Things can be worse if I try to manipulate the roles collection.
>> Using the local connection, this code works:
>>     ouser.getRoles().remove(oldORole);
>>     ouser.addRole(newORole);
>>     ouser.save();
>>
>> If I use a remote connection, the remove() statement simply does nothing
>> because the oldORole doesn't belong to the roles set.
>>
>> On Friday, 21 February 2014 15:38:42 UTC+1, Claudio wrote:
>>
>>> Hi guys!
>>> I think I found a strange behaviour using remote connection with Java
>>> API.
>>>
>>> If I take the current connected user (for example admin) and want to
>>> know its roles, the collection contains just a "dummy" role: passthrough
>>>     OUser user=((ODatabaseRecordTx)ODatabaseRecordThreadLocal.INSTANCE.get()).getUser();
>>>     Set<ORole> roles=user.getRoles();
>>>
>>> roles contains ["passthrough"] instead of ["admin"]
>>>
>>> I have inspected the code and I have found that the "magic" happens in
>>> ODatabaseRecordAbstract.open() at line 161:
>>>     // REMOTE CREATE DUMMY USER
>>>     user = new OUser(iUserName,
>>>         OUser.encryptPassword(iUserPassword)).addRole(new
>>>         ORole("passthrough", null,
>>>         ORole.ALLOW_MODES.ALLOW_ALL_BUT));
>>>
>>> I don't know why you made this, but in this way the behaviour of the API
>>> changes between local and remote connection.
>>> Because the result of OUser.getRoles() changes and can not be
>>> predictable but depends on connection type.
>>>
>>> However, via Java API, is there a short way to get the "real" roles
>>> avoiding a select statement?
