Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
- Timestamp:
-
12/06/06 10:15:28 (17 years ago)
- Author:
-
jmoore
- Comment:
-
From an email (Dec 6):
What are the exact requirements on updateExperimenter() and
updateGroup()? Does it suffice to change the String fields:
- first name
- email address
- etc.
If so, it might make sense to change the implementations from:
iUpdate.saveObject(group);
to
copy = copyGroup(group);
copy.setName(group.getName());
... etc. ...
iUpdate.saveObject(copy);
because there are all kinds of things that can go on in there --
adding groups, removing groups, changing the owner of groups, changing
the login name ("root"->"bob"). ... [These actions] except for changing the
login name, are covered by the rest of the IAdmin methods.)
From a talk with Chris (later that day):
- Perhaps unloading rather than copying?
- For now (milestone:3.0-Beta1), we let update stand.
- For milestone:3.0-RC1, we review with our security glasses on.
- Long term goal is to be able to pass in a single Experimenter/Group? for atomic updates (including collections) -- allows for some client side state and cancelling.
- In general, we need to decide on what root and admin should be allowed to do. What's the policy? Can anyone do any editing like with /etc/passwd ?
Legend:
- Unmodified
- Added
- Removed
- Modified
-
- Property Keywords security REVIEW added
-
v1
|
v2
|
|
5 | 5 | * updateExperimenter() |
6 | 6 | * updateGroup() |
7 | | * deleteGroup() |
| 7 | * ~~deleteGroup()~~ see #547 |
8 | 8 | |
9 | 9 | This should be feature complete with regards to implementing something along the lines of what is outlined in #415. |
1.3.13-PRO © 2008-2011
Agilo Software all
rights reserved
(this page was served in: 0.12338 sec.)