Project

General

Profile

Task #1808

Story #1329: ^^^^ Items To Discuss ^^^^

MNAuthorization.isAuthorized() -> assertAuthorized()

Added by Roger Dahl over 12 years ago. Updated over 12 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-09-26
Due date:
% Done:

0%

Milestone:
CCI-0.6.4
Product Version:
*
Story Points:
Sprint:

Description

Should we change MNAuthorization.isAuthorized() to assertAuthorized()?

The rationale is that calls that start with "is" often return true/false, but this call has "assert" semantics in that it returns an exception if the subject does not have adequate permissions.

The function returns 200 OK for success, so, it's not possible for the call to return "false", like you would expect an "is" function to.

History

#1 Updated by Rob Nahf over 12 years ago

Because this method returns NotAuthorized for 2 very different situations (not authorized for the action; subject not having the permission queried for), implementations should be sure to differentiate (with detail code? with description?) how to interpret the situation. For example, a client not authorized to call isAuthorized() due to some underlying certificate management problem, might proceed blindly assuming that all requested permissions are NotAuthorized and take improper action on the results. (Not saying that there is an example at present of this, but the design allows for this confusion).

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)