Index: openacs-4/packages/acs-admin/acs-admin.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-admin/acs-admin.info,v
diff -u -r1.53 -r1.54
--- openacs-4/packages/acs-admin/acs-admin.info 31 May 2018 10:54:19 -0000 1.53
+++ openacs-4/packages/acs-admin/acs-admin.info 23 Jun 2018 16:30:58 -0000 1.54
@@ -9,7 +9,7 @@
f
t
-
+
Don Baccus
An interface for Site-wide administration of an OpenACS Installation.
2017-08-06
@@ -20,9 +20,9 @@
GPL
3
-
+
-
+
Index: openacs-4/packages/acs-admin/www/users/modify-admin-privileges.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-admin/www/users/modify-admin-privileges.tcl,v
diff -u -r1.8 -r1.9
--- openacs-4/packages/acs-admin/www/users/modify-admin-privileges.tcl 19 Jan 2018 13:40:40 -0000 1.8
+++ openacs-4/packages/acs-admin/www/users/modify-admin-privileges.tcl 23 Jun 2018 16:30:58 -0000 1.9
@@ -27,9 +27,11 @@
ad_returnredirect $return_url
- # We need to flush all permission checks pertaining to this user.
- # this is expensive so maybe we should check if we in fact are cacheing.
- util_memoize_flush_regexp "^permission::.*-party_id $user_id"
+ #
+ # Flush all permission checks pertaining to this user.
+ #
+ permission::cache_flush -party_id $user_id
+
ad_script_abort
}
Index: openacs-4/packages/acs-tcl/acs-tcl.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v
diff -u -r1.81 -r1.82
--- openacs-4/packages/acs-tcl/acs-tcl.info 15 Jun 2018 08:30:12 -0000 1.81
+++ openacs-4/packages/acs-tcl/acs-tcl.info 23 Jun 2018 16:30:58 -0000 1.82
@@ -9,7 +9,7 @@
f
t
-
+
OpenACS
The Kernel Tcl API library.
2017-08-06
@@ -18,7 +18,7 @@
GPL version 2
3
-
+
Index: openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl,v
diff -u -r1.38 -r1.39
--- openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl 11 Apr 2018 21:35:07 -0000 1.38
+++ openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl 23 Jun 2018 16:30:58 -0000 1.39
@@ -9,12 +9,11 @@
}
namespace eval permission {}
-
-# define cache_p to be 0 here. Note that it is redefined
-# to return the value of the PermissionCacheP kernel parameter
-# on the first call. also the namespace eval is needed to
+#
+# Define cache_p to return 0 or 1 depending on the PermissionCacheP
+# kernel parameter on the first call. The namespace eval is needed to
# make the redefinition work for ttrace.
-
+#
ad_proc -private permission::cache_p {} {
returns 0 or 1 depending if permission_p caching is enabled or disabled.
by default caching is disabled.
@@ -32,7 +31,7 @@
grant privilege Y to party X on object Z
} {
db_exec_plsql grant_permission {}
- util_memoize_flush [list permission::permission_p_not_cached -party_id $party_id -object_id $object_id -privilege $privilege]
+ permission::cache_flush -party_id $party_id -object_id $object_id -privilege $privilege
permission::permission_thread_cache_flush
}
@@ -44,7 +43,7 @@
revoke privilege Y from party X on object Z
} {
db_exec_plsql revoke_permission {}
- util_memoize_flush [list permission::permission_p_not_cached -party_id $party_id -object_id $object_id -privilege $privilege]
+ permission::cache_flush -party_id $party_id -object_id $object_id -privilege $privilege
permission::permission_thread_cache_flush
}
@@ -56,7 +55,7 @@
{-object_id:required}
{-privilege:required}
} {
- does party X have privilege Y on object Z
+ Does the provided party have the reequested privilege on the given object?
@param no_cache force loading from db even if cached (flushes cache as well)
@@ -77,36 +76,41 @@
set caching_activated [permission::cache_p]
if { $no_cache_p || !$caching_activated } {
-
+ #
+ # No caching wanted (either per-call or configured)
+ #
if { $no_cache_p } {
+ #
+ # Avoid all caches.
+ #
permission::permission_thread_cache_flush
}
if {$caching_activated} {
- # If there is no caching activated, there is no need to
- # flush the memoize cache. Frequent momoize cache flushing
- # causes a flood of intra-server talk in a cluster
- # configuration (see bug #2398);
- #
- util_memoize_flush [list permission::permission_p_not_cached \
- -party_id $party_id \
- -object_id $object_id \
- -privilege $privilege]
+ #
+ # Only flush the cache, when caching is activated.
+ # Frequent cache flushing can cause a flood of
+ # intra-server talk in a cluster configuration (see bug
+ # #2398);
+ #
+ permission::cache_flush \
+ -party_id $party_id \
+ -object_id $object_id \
+ -privilege $privilege
}
set permission_p [permission::permission_p_not_cached \
-party_id $party_id \
-object_id $object_id \
-privilege $privilege]
- } else {
- set permission_p [util_memoize \
- [list permission::permission_p_not_cached \
- -party_id $party_id \
- -object_id $object_id \
- -privilege $privilege] \
- [parameter::get -package_id [ad_acs_kernel_id] \
- -parameter PermissionCacheTimeout \
- -default 300]]
+ } else {
+ #
+ # Permission caching is activated
+ #
+ set permission_p [permission::cache_eval \
+ -party_id $party_id \
+ -object_id $object_id \
+ -privilege $privilege]
}
if {
@@ -116,6 +120,12 @@
&& [ad_conn untrusted_user_id] != 0
&& ![template::util::is_true $permission_p]
} {
+ #
+ # In case, permission was granted above, the party and ad_conn
+ # user_id are 0, and the permission is NOT granted based on
+ # the untrusted_user_id, require login unless this is
+ # deactivated for this call.
+ #
set untrusted_permission_p [permission_p_not_cached \
-party_id [ad_conn untrusted_user_id] \
-object_id $object_id \
@@ -296,7 +306,65 @@
return [db_list_of_lists get_parties {}]
}
+ad_proc -private permission::cache_eval {
+ {-party_id}
+ {-object_id}
+ {-privilege}
+} {
+ Run permission call and cache the result.
+ @param party_id
+ @param user_id
+ @param privilege
+
+ @see permission::permission_p
+} {
+ return [util_memoize \
+ [list permission::permission_p_not_cached \
+ -party_id $party_id \
+ -object_id $object_id \
+ -privilege $privilege] \
+ [parameter::get -package_id [ad_acs_kernel_id] \
+ -parameter PermissionCacheTimeout \
+ -default 300]]
+}
+
+
+ad_proc -public permission::cache_flush {
+ {-party_id}
+ {-object_id}
+ {-privilege}
+} {
+
+ Flush permissions from the cache. Either specify all three
+ paramters or only party_id
+
+ @param party_id
+ @param user_id
+ @param privilege
+
+ @see permission::permission_p
+} {
+ if {[info exists party_id] && [info exists object_id] && [info exists privilege]} {
+ #
+ # All three attributes are provided
+ #
+ util_memoize_flush [list permission::permission_p_not_cached -party_id $party_id -object_id $object_id -privilege $privilege]
+
+ } else {[info exists party_id] } {
+ #
+ # At least the party_id is provided
+ #
+ util_memoize_flush_pattern "permission::*-party_id $party_id"
+ } else {
+ #
+ # tell user, what's implemented
+ #
+ error "either specify party_id, object_id and privilege, or only party_id"
+ }
+}
+
+
# Local variables:
# mode: tcl
# tcl-indent-level: 4
Index: openacs-4/packages/acs-tcl/tcl/memoize-procs-naviserver.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/memoize-procs-naviserver.tcl,v
diff -u -r1.6 -r1.7
--- openacs-4/packages/acs-tcl/tcl/memoize-procs-naviserver.tcl 11 Jun 2018 09:14:55 -0000 1.6
+++ openacs-4/packages/acs-tcl/tcl/memoize-procs-naviserver.tcl 23 Jun 2018 16:30:58 -0000 1.7
@@ -114,7 +114,7 @@
} {
set nr_flushed [ns_cache_flush -glob util_memoize $pattern]
if {$log_p} {
- ns_log Debug "util_memoize_flush_pattern: flushed $nr_flushed entries using the pattern: $pattern"
+ ad_log notice "util_memoize_flush_pattern: flushed $nr_flushed entries using the pattern: $pattern"
}
}
Index: openacs-4/packages/dotfolio/dotfolio.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotfolio/dotfolio.info,v
diff -u -r1.7 -r1.8
--- openacs-4/packages/dotfolio/dotfolio.info 19 Oct 2016 09:00:04 -0000 1.7
+++ openacs-4/packages/dotfolio/dotfolio.info 23 Jun 2018 16:30:58 -0000 1.8
@@ -8,15 +8,16 @@
f
dotfolio
-
+
Nick Carroll
dotFOLIO is an ePortfolio application.
WEG
dotFOLIO is used to administer ePortfolio spaces mounted as subsites.
4
-
+
+
Index: openacs-4/packages/dotfolio/www/admin/site-wide-admin-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotfolio/www/admin/site-wide-admin-toggle.tcl,v
diff -u -r1.1 -r1.2
--- openacs-4/packages/dotfolio/www/admin/site-wide-admin-toggle.tcl 22 Sep 2005 11:27:57 -0000 1.1
+++ openacs-4/packages/dotfolio/www/admin/site-wide-admin-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.2
@@ -44,5 +44,9 @@
ad_permission_revoke $user_id [acs_magic_object "security_context_root"] "admin"
}
-util_memoize_flush_regexp $user_id
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
+
ad_returnredirect $referer
Index: openacs-4/packages/dotlrn/dotlrn.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/dotlrn.info,v
diff -u -r1.143 -r1.144
--- openacs-4/packages/dotlrn/dotlrn.info 29 Mar 2018 23:07:34 -0000 1.143
+++ openacs-4/packages/dotlrn/dotlrn.info 23 Jun 2018 16:30:58 -0000 1.144
@@ -7,17 +7,17 @@
f
f
-
+
OpenACS
A Course Management System
2017-08-06
DotLRN Consortium
2
Course Management
-
+
-
+
Index: openacs-4/packages/dotlrn/tcl/community-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/community-procs.tcl,v
diff -u -r1.226 -r1.227
--- openacs-4/packages/dotlrn/tcl/community-procs.tcl 9 May 2018 15:33:30 -0000 1.226
+++ openacs-4/packages/dotlrn/tcl/community-procs.tcl 23 Jun 2018 16:30:58 -0000 1.227
@@ -793,7 +793,22 @@
}
util_memoize_flush "dotlrn_community::list_users_not_cached -rel_type $rel_type -community_id $community_id"
- util_memoize_flush_regexp $user_id
+
+ #
+ # Flush all permission checks pertaining to this user.
+ #
+ permission::cache_flush -party_id $user_id
+
+ #
+ # It is not clear, what the original
+ #
+ # util_memoize_flush_regexp $user_id
+ #
+ # was intended just to flush, just permissons or more. To
+ # improve latencies, the following flush command should be
+ # more precise (or removed)
+ #
+ util_memoize_flush_pattern -log *$user_id*
}
ad_proc -public add_user_to_community {
@@ -914,7 +929,21 @@
# flush the list_users cache
util_memoize_flush "dotlrn_community::list_users_not_cached -rel_type $rel_type -community_id $community_id"
}
- util_memoize_flush_regexp $user_id
+ #
+ # Flush all permission checks pertaining to this user.
+ #
+ permission::cache_flush -party_id $user_id
+
+ #
+ # It is not clear, what the original
+ #
+ # util_memoize_flush_regexp $user_id
+ #
+ # was intended just to flush, just permissons or more. To
+ # improve latencies, the following flush command should be
+ # more precise (or removed)
+ #
+ util_memoize_flush_pattern -log *$user_id*
}
ad_proc -public remove_user_from_all {
Index: openacs-4/packages/dotlrn/www/admin/browse-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/admin/browse-toggle.tcl,v
diff -u -r1.6 -r1.7
--- openacs-4/packages/dotlrn/www/admin/browse-toggle.tcl 19 Jan 2018 14:38:45 -0000 1.6
+++ openacs-4/packages/dotlrn/www/admin/browse-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.7
@@ -32,7 +32,10 @@
#update can_browse_p
dotlrn::set_can_browse -user_id $user_id -can_browse\=$can_browse_p
-util_memoize_flush_regexp $user_id
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
ad_returnredirect $referer
ad_script_abort
Index: openacs-4/packages/dotlrn/www/admin/guest-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/admin/guest-toggle.tcl,v
diff -u -r1.6 -r1.7
--- openacs-4/packages/dotlrn/www/admin/guest-toggle.tcl 19 Jan 2018 14:38:45 -0000 1.6
+++ openacs-4/packages/dotlrn/www/admin/guest-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.7
@@ -34,8 +34,11 @@
-user_id $user_id \
-value $guest_p
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
-util_memoize_flush_regexp $user_id
ad_returnredirect $referer
ad_script_abort
Index: openacs-4/packages/dotlrn/www/admin/site-wide-admin-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/admin/site-wide-admin-toggle.tcl,v
diff -u -r1.17 -r1.18
--- openacs-4/packages/dotlrn/www/admin/site-wide-admin-toggle.tcl 21 Jan 2018 01:04:52 -0000 1.17
+++ openacs-4/packages/dotlrn/www/admin/site-wide-admin-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.18
@@ -43,9 +43,11 @@
} elseif {$value eq "revoke"} {
permission::revoke -party_id $user_id -object_id $object_id -privilege admin
}
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
-util_memoize_flush_regexp $user_id
-
ad_returnredirect $referer
ad_script_abort
Index: openacs-4/packages/dotlrn-admin/dotlrn-admin.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-admin/dotlrn-admin.info,v
diff -u -r1.5 -r1.6
--- openacs-4/packages/dotlrn-admin/dotlrn-admin.info 25 Aug 2008 15:51:21 -0000 1.5
+++ openacs-4/packages/dotlrn-admin/dotlrn-admin.info 23 Jun 2018 16:30:58 -0000 1.6
@@ -7,15 +7,14 @@
f
t
-
+
Andrew Grumet
2006-12-31
.LRN-wide admin pages. Initially created as a singleton with automount at /dotlrn/dotlrn-admin. These can be changed if and when .LRN supports multiple instances.
Contains pages and scripts for configuring .LRN --- managing users, departments, terms, classes and so on.
-
-
+
Index: openacs-4/packages/dotlrn-admin/www/admin/browse-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-admin/www/admin/browse-toggle.tcl,v
diff -u -r1.2 -r1.3
--- openacs-4/packages/dotlrn-admin/www/admin/browse-toggle.tcl 21 Jan 2018 00:48:30 -0000 1.2
+++ openacs-4/packages/dotlrn-admin/www/admin/browse-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.3
@@ -30,7 +30,11 @@
#update can_browse_p
dotlrn::set_can_browse -user_id $user_id -can_browse\=$can_browse_p
-util_memoize_flush_regexp $user_id
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
+
ad_returnredirect $referer
ad_script_abort
Index: openacs-4/packages/dotlrn-admin/www/admin/community-members-add-to-community.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-admin/www/admin/community-members-add-to-community.tcl,v
diff -u -r1.3 -r1.4
--- openacs-4/packages/dotlrn-admin/www/admin/community-members-add-to-community.tcl 21 Jan 2018 00:38:38 -0000 1.3
+++ openacs-4/packages/dotlrn-admin/www/admin/community-members-add-to-community.tcl 23 Jun 2018 16:30:58 -0000 1.4
@@ -97,7 +97,7 @@
#ReturnHeaders
ad_return_error \
"[_ dotlrn.lt_Error_adding_user_to_]" \
- "[_ dotlrn.lt_An_error_occured_whil]"
+ "[_ dotlrn.lt_An_error_occurred_whil]"
}
ad_script_abort
}
Index: openacs-4/packages/dotlrn-admin/www/admin/guest-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-admin/www/admin/guest-toggle.tcl,v
diff -u -r1.2 -r1.3
--- openacs-4/packages/dotlrn-admin/www/admin/guest-toggle.tcl 21 Jan 2018 00:48:30 -0000 1.2
+++ openacs-4/packages/dotlrn-admin/www/admin/guest-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.3
@@ -31,7 +31,10 @@
-user_id $user_id \
-value $guest_p
-util_memoize_flush_regexp $user_id
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
ad_returnredirect $referer
ad_script_abort
Index: openacs-4/packages/dotlrn-admin/www/admin/site-wide-admin-toggle.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-admin/www/admin/site-wide-admin-toggle.tcl,v
diff -u -r1.4 -r1.5
--- openacs-4/packages/dotlrn-admin/www/admin/site-wide-admin-toggle.tcl 21 Jan 2018 01:04:52 -0000 1.4
+++ openacs-4/packages/dotlrn-admin/www/admin/site-wide-admin-toggle.tcl 23 Jun 2018 16:30:58 -0000 1.5
@@ -38,7 +38,10 @@
ad_permission_revoke $user_id [acs_magic_object "security_context_root"] "admin"
}
-util_memoize_flush_regexp $user_id
+#
+# Flush all permission checks pertaining to this user.
+#
+permission::cache_flush -party_id $user_id
ad_returnredirect $referer
ad_script_abort