You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An entry in the knowledge base should be a piece of content that is bound to a user and a namespace meaning that two users (A and B) should be able to create an entry into the knowledge base in the same space and use the same ID without creating a conflict because the "primary key" for the entry should be username-space-id (to allow for easier wildcard queries).
Today we only use the id, meaning that if User A has created the entry "my-entry", when user B tries to create "my-entry" the system reports a conflict which has two issues:
We leak across the access control boundary that some entry with this ID already exists
User B has to modify their ID to avoid a conflict that shouldn't be visible to the user at all
If User B follows up their create request with a "get all entries" request to check what they have, they will get back a list that doesn't include "my-entry" since it doesn't belong to them.
Possible solutions
One approach that could work is to append the user name and space name to each ID behind the scenes, so that what is stored has the "full" ID schema, but what we return from the API to the user only has the base ID part.
This means that all APIs and the Knowledge base service have to consistently do this packing/unpacking.
The content you are editing has changed. Please copy your edits and refresh the page.
Summary
An entry in the knowledge base should be a piece of content that is bound to a user and a namespace meaning that two users (A and B) should be able to create an entry into the knowledge base in the same space and use the same ID without creating a conflict because the "primary key" for the entry should be
username-space-id
(to allow for easier wildcard queries).Today we only use the
id
, meaning that if User A has created the entry "my-entry", when user B tries to create "my-entry" the system reports a conflict which has two issues:If User B follows up their create request with a "get all entries" request to check what they have, they will get back a list that doesn't include "my-entry" since it doesn't belong to them.
Possible solutions
One approach that could work is to append the user name and space name to each ID behind the scenes, so that what is stored has the "full" ID schema, but what we return from the API to the user only has the base ID part.
This means that all APIs and the Knowledge base service have to consistently do this packing/unpacking.
Related
The text was updated successfully, but these errors were encountered: