[Engine-patches] Change in ovirt-engine[master]: aaa: Remove userId parameter from LogoutUserCommand

Mon, 09 Mar 2015 04:31:19 -0700 

Martin Peřina has posted comments on this change.

Change subject: aaa: Remove userId parameter from LogoutUserCommand
......................................................................


Patch Set 1:

> terminate session can have both session id and session db id, if the session
> id is null go with the session db id.

We cannot do that, because TerminateSessionCommand can be executed only by
admin users. In RestApiSessionMgmtFilter we have only sessionId of the user
logged in using REST API and it doesn't have to be an admin.

> this will make it simpler for you to integrate it into the two cases.

So here's my suggestion:

 1. TerminateSessionCommand parameters will have these attributes:
 
      sessionId
        - sessionId of the admin user, that executed the command
      
      terminatedSessionId
        - sessionId of the user, which admin wanted to logout
        - used only when sessionDbIdToTerminate is null
      
      terminatedSessionDbId
        - sessionDbId of the user, which admin wanted to logout

 2. TerminateSessionCommand can be executed by admin users only

 3. LogoutBySession and LogoutUser commands will be merged and renamed to
    LogoutSessionCommand
    
 4. LogoutSessionCommand will be called from GWT with sessionId of the user that
    should be logged out

 5. LogoutSessionCommand will be called by RestApiSessionMgmtFilter with
    sessionId 

 4. LogoutSessionCommand can be executed by all users, our GWT and REST API
    codebase should verify that correct sessionId is provided

-- 
To view, visit https://gerrit.ovirt.org/38403
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia33c7dfd908c68ac06b717c0452e3de4564f35a7
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Martin Peřina <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Martin Peřina <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>
Gerrit-Reviewer: Yevgeny Zaspitsky <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to