Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No access call when indirect subscription becomes direct #98

Closed
jirenius opened this issue Jul 31, 2019 · 1 comment
Closed

No access call when indirect subscription becomes direct #98

jirenius opened this issue Jul 31, 2019 · 1 comment
Assignees
@jirenius
Labels
bug Something isn't working

Comments

@jirenius
Copy link
Collaborator

Issue

Resgate does not make an access call on an indirectly subscribed resource after it turns to a solely directly subscribed resource.

Example

Let assume we have a resource test.parent with a resource reference to test.child:

  • Client subscribes to test.parent and gets test.child as an indirectly subscribed resource.
  • Client subscribes to test.child, which triggers no access request as it is also indirectly subscribed.
  • Client unsubscribes to test.parent, which turns test.child to a solely directly subscribed resource.
  • Resgate erroneously does not confirm client's access to test.child
  • Service sends a reaccess on test.parent, and denies access.
  • Client will continue to receive events for test.child even if access should have been revoked.

Impact

May have access control impact for solutions where reaccess is used on nested resources.

Solution

On unsubscribe, Resgate should check if any referenced resource is directly subscribed without any indirect reference. In such a case, Resgate should trigger a reaccess on the referenced resource.
@jirenius jirenius added the bug Something isn't working label Jul 31, 2019
@jirenius jirenius self-assigned this Jul 31, 2019
jirenius added a commit that referenced this issue Jul 31, 2019
@jirenius
GH-98: Added failing test recreating the bug.
aab95e0
jirenius added a commit that referenced this issue Jul 31, 2019
@jirenius
GH-98: Now ensures access after an indirect reference is removed.
d2da096
jirenius added a commit that referenced this issue Jul 31, 2019
@jirenius
GH-98: Testing that unnecessary access is not sent when calling Ensur…
6036fe6 
…eAccess.
jirenius added a commit that referenced this issue Jul 31, 2019
@jirenius
GH-98: Added a health check assertion for isQueueing counter.
4b1f285
jirenius added a commit that referenced this issue Jul 31, 2019
@jirenius
Merge pull request #99 from resgateio/bugfix/gh-98-no-access-call-whe…
4634553 
…n-indirect-subscription-becomes-direct

Bugfix/gh 98 no access call when indirect subscription becomes direct
@jirenius
Copy link
Collaborator Author

Fixed in #99

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jirenius jirenius

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jirenius