[dev] [commits] Horde branch master updated. 18a53c7ffc56dd4df59a389b1f366a7089f51df6

Jan Schneider jan at horde.org
Wed Jul 22 21:31:30 UTC 2009


Zitat von Michael M Slusarz <slusarz at horde.org>:

> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von Michael M Slusarz <slusarz at horde.org>:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>> Zitat von Michael M Slusarz <slusarz at horde.org>:
>>>>
>>>>> This is the only place guaranteed to run logintasks on both regular and
>>>>> transparent auth. However, it may not be appropriate to run logintasks
>>>>> if we are doing some kind of API call.  It might be better to simply run
>>>>> all login tasks for all applications on initial login.
>>>>
>>>> Agreed, though only if authenticating through the login page.
>>>
>>> As opposed to what other methods?  I'm not sure I agree with this  
>>> statement, since, for example, horde login tasks must *always* be  
>>> run before the first time a page is displayed (e.g. for terms of  
>>> service agreement).
>>
>> I'm talking about non-ui authentication, like SyncML, API calls,  
>> etc. I didn't mean transparent authentication, sorry for the  
>> confusion.
>
> For this (and for other reasons) it does make sense to refactor  
> pushApp() a bit to allow configuration of whether logintasks should  
> be run or not.  The pushApp() call in app's base.php file should  
> always have this set (even if they don't have logintasks, horde  
> logintasks need to be run).  And I changed things so if  
> permission/auth checking is disabled, logintasks shouldn't be run  
> (this should take care of helper scripts, etc.).
>
> API calls are a bit more difficult.  Example: I have an IMP login  
> task to delete sent-mail folders past a certain age.  If I make an  
> API call to list folders in IMP, this login task *must* be run  
> before returning the list.

I think it's more intuitive to not have the tasks run in this case.  
The main reason being that you can't present a confirmation screen to  
the user, if he requested confirmation in his prefs. And having this  
only run if the user didn't ask for confirmation is too inconsistent.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.horde.org/archives/dev/attachments/20090722/b634ff01/attachment.bin>


More information about the dev mailing list