Thread: checking perms on comments




user name
2008-04-24 23:25:15
So I was looking into cleaning up a permissions issue in LibertyComments::userCanEdit and an issue has arisen. When comments load up they run this check to see if the user can edit each individual comment. A missing part in userCanEdit was a check on p_liberty_edit_comments and p_liberty_admin_comments. My initial thought was to get the user's permission hash for each comment. But on reflection of what this means in terms of queries on threads of a hundred comments or more, it seems this would be a real mistake; it also makes some security services a hassle. It would conceptually make more sense and would significantly lighten the query load on such threads if the check was actually called on the root object. Then we would only get one permission hash, which we get when we load up the container object anyway.

Of course what that would mean is LibertyComments would need a reference to the root object. Like mRootObject or something, which, spiderr, you and I discussed before. I've held off on wiring it in since I was able to work around the issue in other places. But this seems to me to be a good reason to finally go forward with that.

To implement this change I figure to update all package files in which I find a new LibertyComment call, and assign a reference to the root with something like a comment->mRootObject = gContent. But custom code not in sourceforge will not get such an update. There are two ways to possibly address this and help others out. I can add a getter method getRoot and it could check if a mRootObject is set. If not, it could then do one of two things. One option would be for it to load up another instance of the root object so long as it has a root id to use; this is the wasteful-but-works method. Or it could print out a warning that it's not set and that the offending code should be updated; this is the best-practice-but-surprising method.

thoughts?



_______________________________________________
bitweaver-core mailing list
bitweaver-corelists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitweaver-core
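
The root-object check proposed in the message, sketched as an added example (not part of the original post and not bitweaver code). The ExampleRoot and ExampleComment classes, userHasPerm, reloadMissingRoot and the sample permission hash are hypothetical; only the two permission names, mRootObject and getRoot come from the message. Assumes PHP 8.

```php
<?php
// Added illustration; these classes are hypothetical stand-ins, not bitweaver code.
class ExampleRoot {
    public static int $permQueries = 0;      // counts simulated permission lookups
    private ?array $perms = null;
    public function __construct(public int $contentId) {}
    // One simulated query per root object, cached for every comment below it.
    public function userHasPerm(string $perm): bool {
        if ($this->perms === null) {
            self::$permQueries++;
            // Constructed sample hash: this user may edit comments but not administer them.
            $this->perms = ['p_liberty_edit_comments' => true];
        }
        return !empty($this->perms[$perm]);
    }
}

class ExampleComment {
    public ?ExampleRoot $mRootObject = null;
    public function __construct(public int $rootId = 0, public bool $reloadMissingRoot = false) {}

    // Getter from the post: use the assigned root, else reload it or warn.
    public function getRoot(): ?ExampleRoot {
        if ($this->mRootObject === null) {
            if ($this->reloadMissingRoot && $this->rootId > 0) {
                $this->mRootObject = new ExampleRoot($this->rootId);  // wasteful-but-works
            } else {
                trigger_error('mRootObject not set; update the calling code', E_USER_WARNING);
            }
        }
        return $this->mRootObject;
    }

    // Deny when no root can be resolved, so a missing reference never grants edit rights.
    public function userCanEdit(): bool {
        $root = $this->getRoot();
        return $root !== null && ($root->userHasPerm('p_liberty_admin_comments')
            || $root->userHasPerm('p_liberty_edit_comments'));
    }
}

$gContent = new ExampleRoot(42);
$allowed = 0;
for ($i = 0; $i < 100; $i++) {               // constructed thread of 100 comments
    $comment = new ExampleComment(42);
    $comment->mRootObject = $gContent;       // the assignment proposed in the post
    $allowed += $comment->userCanEdit() ? 1 : 0;
}
printf("%d editable, %d permission lookup(s)\n", $allowed, ExampleRoot::$permQueries);
```

With the reload fallback enabled and no root assigned, each comment builds its own root and pays for its own lookup, which is the cost the message calls wasteful.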
