[
https://issues.apache.org/jira/browse/PHOTARK-20?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12897179#action_12897179
]
Sriskandarajah Suhothayan commented on PHOTARK-20:
--------------------------------------------------
The ACL is controlled at the back-end, but I also have an ACL instance in
the front end in order to change the UI according to the permissions given to
the user.
Yes, you're right.
In my design I maintain a map <userId, <ACL,securityToken>> in the back-end, and
whenever the user's permission is changed the ACL in the back end will be
deleted.
Then when the user requests anything, at the time of the request, the userId
will be taken from the session and
a new ACL is created and the map is updated.
But for JSON RPC requests the user will pass the securityToken.
So if the securityToken exists in the map and the ACL is null, then a new ACL
will be generated and added to the map.
By this the ACL in the back-end will always be up-to-date, and since we are
only using the back-end ACL to authorize a user it will be fine.
But the ACL in the front-end will only be updated when the user changes from one
page to another or when he clicks the "switch to group Mgt" button in
upload.html.
In the last patch I have not deleted the ACL for certain situations... therefore,
since the old ACL still exists, the user permission is not getting updated.
I'll fix that and submit a patch soon.
> Integrate OpenId with photark
> -----------------------------
>
> Key: PHOTARK-20
> URL: https://issues.apache.org/jira/browse/PHOTARK-20
> Project: PhotArk
> Issue Type: New Feature
> Components: PhotArk Admin Services
> Affects Versions: PhotArk M3
> Reporter: Avdhesh Yadav
> Assignee: Sriskandarajah Suhothayan
> Fix For: PhotArk M3
>
> Attachments: AccessManager1.patch, AccessManager2.patch,
> authentication-registration-final.patch, authentication_final.patch,
> Authentication_improved1.patch, Authentication_improved2.patch,
> Authentication_improved3.patch, authorization1.patch,
> Authorization_and_Role_Management_final_patch.patch,
> authorization_final_patch_with_corrections.patch,
> authorization_final_patch_with_corrections_without_build_failure.patch,
> authorization_final_with_role_management.patch,
> authorization_final_with_ui.patch, authorization_final_without_ui.patch,
> basicPermisionStructure.patch, images.zip,
> improved_security_for_JSON_RPC.patch, improvedAutorization.patch,
> security_for_JSON_RPC.patch
>
>
> Integration of Open Id with photark.This allows users of popular openids
> (e.g gmail , yahoo) to use the photark and make the pictures private...and
> share albums with some users only..
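
The back-end design described in the comment above (a per-user map of ACL and security token, with the ACL dropped on every permission change and rebuilt on the next request) as an added Java example; it is not PhotArk code and not taken from any of the attached patches. All class, method and permission names are hypothetical, and the permission store is constructed sample data.

```java
import java.security.SecureRandom;
import java.util.*;

// Added example with hypothetical names; not PhotArk's classes.
public class AclCacheDemo {
    static final class Entry {
        final String securityToken;
        Set<String> acl;            // null = invalidated, rebuild on next request
        Entry(String token) { securityToken = token; }
    }
    // Stand-in for the persistent permission store (constructed sample data).
    static final Map<String, Set<String>> store = new HashMap<>();
    static final Map<String, Entry> byUser = new HashMap<>();      // <userId, <ACL, securityToken>>
    static final Map<String, String> userByToken = new HashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    static synchronized String login(String userId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        Entry old = byUser.put(userId, new Entry(token));
        if (old != null) userByToken.remove(old.securityToken);   // retire the previous token
        userByToken.put(token, userId);
        return token;
    }
    // Every code path that changes permissions must come through here;
    // a path that skips the invalidation keeps authorizing against the old ACL.
    static synchronized void permissionsChanged(String userId, Set<String> perms) {
        store.put(userId, Set.copyOf(perms));
        Entry e = byUser.get(userId);
        if (e != null) e.acl = null;
    }
    // JSON-RPC path: token -> user -> ACL (rebuilt if null) -> decision.
    static synchronized boolean authorize(String token, String permission) {
        String userId = userByToken.get(token);
        if (userId == null) return false;              // unknown token: deny
        Entry e = byUser.get(userId);
        if (e.acl == null) e.acl = store.getOrDefault(userId, Set.of());
        return e.acl.contains(permission);
    }
    public static void main(String[] args) {
        permissionsChanged("alice", Set.of("album1:view", "album1:edit"));
        String token = login("alice");
        System.out.println("edit before change: " + authorize(token, "album1:edit"));
        permissionsChanged("alice", Set.of("album1:view"));
        System.out.println("edit after change:  " + authorize(token, "album1:edit"));
        System.out.println("unknown token:      " + authorize("not-a-token", "album1:view"));
    }
}
```

The methods are synchronized so that an invalidation cannot interleave with a rebuild and leave a stale ACL in the map.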