User Story #44 (closed)
Opened 18 years ago
Closed 18 years ago
Users want a central administration interface (IAdmin)
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | 3.0-M3 |
Component: | API | Keywords: | story114,iteration2 |
Cc: | cxallan, jburel | Story Points: | n.a. |
Sprint: | n.a. | Importance: | n.a. |
Total Remaining Time: | n.a. | Estimated Remaining Time: | n.a. |
Description
Such an interface should provide the necessary user/group/permissions-type methods. Further, methods should eagerly load where necessary.
- addUser/Group
- removeUser/Group
- getUser/Group (returns linked Groups/Users?)
- chmod
- stat
- ...
Change History (13)
comment:1 Changed 18 years ago by jmoore
- Milestone set to cycle1
- Version set to 3.0-M1
comment:2 Changed 18 years ago by jmoore
- Keywords iteration3 added
comment:3 Changed 18 years ago by jmoore
- Keywords iteration3 removed
r704 and r705 provide the skeleton and a single working method (synchronizeLoginCache) which was needed for testing as mentioned previously. This can now be extended easily. Be care, however, to properly label the allowed roles for all methods'''
For types which become "locked" by #156 (system-types), IAdmin and ITypes should provide methods with @RunAs("system") annotations.
Moving this out of iteration 3. As other methods are needed, we can put it back in.
comment:4 Changed 18 years ago by jmoore
- Keywords callan jburel added
- Status changed from new to assigned
r710 adds interface methods. They are not yet implemented. These should be reviewed, especially regarding the parameters. Most methods take either:
- an IObject instance
- a String name instance
- or a Long instance.
It's possible to have all of these options (lots of methods) or unify them (all of one), or to leave it somewhat mixed up as it is now, with the assumption that each has some benefits. Thoughts?
comment:5 Changed 18 years ago by jmoore
r718 added these not yet implemented methods to AdminBean.
comment:6 Changed 18 years ago by jmoore
Other methods needed include:
- getAllUsers
- getAllGroups
comment:7 Changed 18 years ago by jmoore
- Milestone changed from 3.0-M2 to 3.0-M3
comment:8 Changed 18 years ago by jmoore
All methods that can be applied to any user:
- addGroups
- removeGroups
- ...
should also have versions which apply to the current user, similar to the changePassword/changeUserPassword split.
For changeOwner, changeGroup and friends, the security permissions should be lowered to "user" but there must be an explicit check that the object belongs to the user.
comment:9 Changed 18 years ago by jmoore
- Cc callan jburel added
- Keywords story114 iteration1 added; callan jburel removed
comment:10 Changed 18 years ago by jmoore
r765 added deleteExperimenter to IAdmin which also takes account of the password table (otherwise constraint violation exceptions are thrown)
comment:11 Changed 18 years ago by jmoore
- Keywords iteration2 added; iteration1 removed
Lots of testing for validity and security should happen in iteration2.
comment:12 Changed 18 years ago by jmoore
r791 adds addGroups
comment:13 Changed 18 years ago by jmoore
- Resolution set to fixed
- Status changed from assigned to closed
r824 changes the return types of Experimenter and ExperimenterGroup creation from the instances themselves to longs. getExperimenter(long) and similar can be subsequently used to lookup the new instances. Large graphs were being returned on those calls that were mostly unnecessary. Usually the idiom:
long id = iAdmin.createUser(userDTO); Experimenter e = new Experimenter( id, false ); // an unloaded proxy
will work just fine.
r824 also introduces the LocalAdmin interface parallel to LocalQuery and LocalUpdate which has some in-JVM optimized calls. There is also extended testing.
All methods are now operable. Testing remains but that will be done under the general security umbrella (#114).
Moving to iteration3. It most likely won't be finished, but for testing #52 and #148 it would be useful to have this partially working.