When I change an admin privilege level in the database, I have to restart the server before the change takes effect and I see a change in the responses I get to my API calls.
For example, say I have a user with all permissions like so:
When I make a GET request to the /clients endpoint, I receive all the clients, as expected. Then I run:
mysql> update TMP_USER set canRead=0;
When I make that GET request again, I should receive ACCESS_DENIED, but instead I get the full list of clients.
If I run:
$ sudo service tomcat7 restart
...and then make the GET request, I get
{
  "error": {
    "errors": [
      {
        "code": "ACCESS_DENIED",
        "message": "You are not allowed to access this content."
      }
    ],
    "code": "ACCESS_DENIED",
    "message": "You are not allowed to access this content."
  }
}
as expected. Probably Hibernate is doing some caching, as I briefly discussed with @kfogel and @slifty in IRC earlier today.
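The sequence in the report above, replayed as an added example (not code from the project or the reporter): an in-memory SQLite table stands in for MySQL, `CachingAuthorizer` models the caching the report suspects, and `FreshAuthorizer` re-reads the privilege on each request. Only `TMP_USER`, `canRead` and `ACCESS_DENIED` come from the report; the `id` column, the class names and the handler are assumptions.

```python
import sqlite3

QUERY = "SELECT canRead FROM TMP_USER WHERE id = ?"

def make_db():
    # Constructed stand-in for the MySQL table; the id column is assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TMP_USER (id INTEGER PRIMARY KEY, canRead INTEGER)")
    db.execute("INSERT INTO TMP_USER (id, canRead) VALUES (1, 1)")
    db.commit()
    return db

class CachingAuthorizer:
    """Models the suspected behaviour: the first lookup is kept until restart."""
    def __init__(self, db):
        self.db = db
        self._cache = {}

    def can_read(self, user_id):
        if user_id not in self._cache:
            row = self.db.execute(QUERY, (user_id,)).fetchone()
            self._cache[user_id] = bool(row and row[0])
        return self._cache[user_id]

class FreshAuthorizer:
    """Re-reads the privilege on every request, so a revocation applies at once."""
    def __init__(self, db):
        self.db = db

    def can_read(self, user_id):
        row = self.db.execute(QUERY, (user_id,)).fetchone()
        return bool(row and row[0])  # unknown user is denied

def get_clients(authorizer, user_id):
    """Hypothetical handler for GET /clients; returns a result code."""
    return "OK" if authorizer.can_read(user_id) else "ACCESS_DENIED"

def revocation_check(authorizer_cls):
    """Replays the report: request, revoke in the database, request again."""
    db = make_db()
    auth = authorizer_cls(db)
    before = get_clients(auth, 1)
    db.execute("UPDATE TMP_USER SET canRead = 0")
    db.commit()
    after = get_clients(auth, 1)
    return before, after
```

A regression test for this issue would assert that the second request is denied without a restart, which is what `revocation_check(FreshAuthorizer)` returns.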