[oae-dev] KERN-2279: SAKIII dependency
duffy at rsmart.com
Fri Nov 4 11:19:45 PDT 2011
I'm wrapping up work on KERN-2279, which moves tagging into sparse. Part of the fallout is the elimination of an explicit POST to /tags/tagname to create a tag before using it. I've submitted a SAKIII ticket (SAKIII-4243) to track that, but wanted to make sure that's kosher on both lists. The pull requests will both need to be accepted for completion of this task.
Details Should You Want to Review:
The removal of the POST came about because of issues with permissions in sparse. Once a tag is created we do not want the creator to be able to alter the tag. That would mean anyone else who used the same tag would have their content retagged with the new tag. This meant the user must be able to create the tag, but subsequently could not have WRITE permission. The POST from the user was handled by a default processor which attempted to alter the underlying resource in the user's session after the ACLs were set. This caused and AccessDeniedException. The easiest method to handle this was to have the tag created as part of the tagging operation if the tag did not already exist. Within the tag operation code this is done in an administrative session. No default handling of the Resource occurs, to no write it preformed in the user's session.
Ok, that might have been a bit terse to follow. But the end result is that tags get automatically created, it prevents having to implement special logic to handle POSTs to tag content, it fits with the intended functionality (eg. allow any user to create novel tags to apply to things), and it eliminates extra POSTs from the UI.
Please let me know if there is another process for coordinating changes to SAKIII in response to KERN work.
Sr. Software Engineer
The rSmart Group, Inc.
More information about the oae-dev