You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I change an admin privilege level in the database, I have to restart the server before the change takes effect and I see a change in the responses I get to my API calls.
For example, say I have a user with all permissions like so:
When I make a GET request to the /clients endpoint, I receive all the clients, as expected. Then I run:
mysql> update TMP_USER set canRead=0;
When I make that GET request again, I should receive ACCESS_DENIED, but instead I get the full list of clients.
If I run: $ sudo service tomcat7 restart
...and then make the GET request, I get
{
"error": {
"errors": [
{
"code": "ACCESS_DENIED",
"message": "You are not allowed to access this content."
}
],
"code": "ACCESS_DENIED",
"message": "You are not allowed to access this content."
}
}
as expected. Probably Hibernate is doing some caching, as I briefly discussed with @kfogel and @slifty in IRC earlier today.
The text was updated successfully, but these errors were encountered:
When I change an admin privilege level in the database, I have to restart the server before the change takes effect and I see a change in the responses I get to my API calls.
For example, say I have a user with all permissions like so:
When I make a
GETrequest to the/clientsendpoint, I receive all the clients, as expected. Then I run:mysql> update TMP_USER set canRead=0;When I make that
GETrequest again, I should receiveACCESS_DENIED, but instead I get the full list of clients.If I run:
$ sudo service tomcat7 restart...and then make the
GETrequest, I getas expected. Probably Hibernate is doing some caching, as I briefly discussed with @kfogel and @slifty in IRC earlier today.
The text was updated successfully, but these errors were encountered: