Yair Zaslavsky has posted comments on this change. Change subject: aaa: Adding resolve groups ......................................................................
Patch Set 2: (1 comment) http://gerrit.ovirt.org/#/c/28368/2/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java: Line 126: Authz.QueryEntity.PRINCIPAL Line 127: ).mput( Line 128: Authz.InvokeKeys.RESOLVE_GROUPS_RECURSIVE, Line 129: recursiveGroupsResolving Line 130: ).mput(Authz.InvokeKeys.RESOLVE_GROUPS, > you should keep all in memory or temporary storage, the recursive/non recur i remind u that prior to our work, we did not have clear separation (well, this is one of the reasons we're doing it, right? :) ) So, what happened is that core assumed that all groups resolving is done on behalf of users. as a result of the recursive calls you would have gotten a collection of groups which the user is a direct or indirect member of, and based on that collection that relevant groups fields in the users table in DB were populated. i hope this answers your question. Line 131: recursiveGroupsResolving Line 132: ).mput( Line 133: Authz.InvokeKeys.QUERY_FILTER, Line 134: filter -- To view, visit http://gerrit.ovirt.org/28368 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3249b7f18c8bf609c9577e60aafa948a0aa55101 Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
