[Yanel-dev] Assigning new group to a user at runtime

Wed Dec 15 15:32:58 CET 2010

Hi,
I don't mean accessing the session of another user, I meant within the same
session.

E.g.: user A is logged in and performs some stuff. Then he performs some
functions within his session where at the end of those functions the user
gets "upgraded", in my example he gets assigned a new group (with additional
privileges, etc.).

So the question is, how can I just rebuild the security context in Yanel (or
however you want to call this).

I imagine that this should not be that difficult compared to doing the same
for any kind of user...

So I imagine a new method like this:

getEnvironment().getIdentity().refresh();

What do you think?
Cheers
Balz

On Wed, Dec 15, 2010 at 3:27 PM, Michael Wechner
<michael.wechner at wyona.com>wrote:

>  On 12/15/10 11:54 AM, Balz Schreier wrote:
>
> Hi Michael,
> I fully understand the performance reasons and I think this has to be like
> this. I actually just wanted to know whether I have missed any API
> possibility to update the groups.
>
>  So my suggestion would be to extend the Yanel Core API with a new method,
> where the whole group and other security stuff is redone again and attach=
ed
> to the session (Maybe we can reuse the very same code that does the initi=
al
> stuff).
>
>
> The problem is accessing the session of a particular user from within
> another user, but
> let me check if we might be able to re-use stuff from
>
> YANEL_HOME/src/contributions/resources/sessionmanager/
>
> or otherwise move this information into a more accessible cache like for
> example ehcache
>
>
>  What do you think?
>
>
> I agree, but we need to overcome the technical hurdles ;-)
>
> Cheers
>
> Michael
>
>
> On Wed, Dec 15, 2010 at 11:43 AM, Michael Wechner <
> michael.wechner at wyona.com> wrote:
>
>> Hi Balu
>>
>>
>> On 12/15/10 10:03 AM, Balz Schreier wrote:
>>
>>> Hi,
>>>
>>> I have the usecase where a user gets assigned a new group while he is
>>> logged in.
>>> I noticed that Yanel reflects this change only after a login of that
>>> user, means as long as the user stays logged in, the user does not bene=
fit
>>> from the new assignment yet.
>>>
>>
>>  the reason for that is that for performance reasons the groups (and its
>> parents and parents) are loaded
>> during login and attached to the session, because these are used for
>> access control, and since every "html request" has many other requests a=
s a
>> consequence it's good to have this "cached".
>>
>> Now when you update the group settings the sessions are not being touched
>> and hence one
>> does not notice such a  change.
>>
>> I am not saying that this is good, but the question is how we can do this
>> better, but please see below ...
>>
>>
>>> Question: How can I tell Yanel to reinitialize the User (Identity) and
>>> its Groups ?
>>>
>>
>>  - we could try to change the session
>> - we could change the implementation by using conf/ehcache.xml instead t=
he
>> sessions.
>>
>> Any other suggestions?
>>
>> Thanks
>>
>> Michael
>>
>>>
>>> Thanks
>>> Cheers
>>> Balz
>>>
>>
>> --
>> Yanel-development mailing list Yanel-development at wyona.com
>> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>>
>
>
>
> --
> Yanel-development mailing list Yanel-development at wyona.com
> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wyona.org/pipermail/yanel-development/attachments/2010121=
5/d6c06342/attachment.htm