diff --git a/editor/editor.js b/editor/editor.js
index 55c4722..84cba4f 100644
--- a/editor/editor.js
+++ b/editor/editor.js
@@ -51,7 +51,7 @@ function get_token (service, renew) {
return promise;
}
-async function fetch_json (service, path, method="GET", body=null) {
+async function fetch_json (service, path, method="GET", body=null, cache=false) {
if (!(service in Services)) return;
const url = new URL(path, Services[service]);
@@ -60,6 +60,7 @@ async function fetch_json (service, path, method="GET", body=null) {
const opts = {
method,
headers: { "Authorization": `Bearer ${token}` },
+ cache: cache ? "default" : "no-cache",
};
if (body != null) {
opts.body = JSON.stringify(body);
@@ -85,7 +86,9 @@ async function fetch_json (service, path, method="GET", body=null) {
}
async function _get_name (obj) {
- const gi = await fetch_json("configdb", `v1/app/${Uuid.General_Info}/object/${obj}`);
+ const gi = await fetch_json("configdb",
+ `v1/app/${Uuid.General_Info}/object/${obj}`,
+ "GET", null, true);
return gi
? gi.deleted
? html`${gi.name}`
@@ -94,7 +97,9 @@ async function _get_name (obj) {
}
async function get_name (obj) {
- const reg = await fetch_json("configdb", `v1/app/${Uuid.Registration}/object/${obj}`);
+ const reg = await fetch_json("configdb",
+ `v1/app/${Uuid.Registration}/object/${obj}`,
+ "GET", null, true);
const name = await _get_name(obj);
const klass = reg ? await _get_name(reg.class) : html`NO CLASS`;
return html`${name} (${klass})`;
diff --git a/lib/authz.js b/lib/authz.js
index 77bd01d..d631ccc 100644
--- a/lib/authz.js
+++ b/lib/authz.js
@@ -159,7 +159,7 @@ export default class AuthZ {
/* We can return 403 here as long as we don't return 404 until
* we've checked the permissions. */
- const ok = req.auth == ids.kerberos
+ const ok = req.auth == ids?.kerberos
|| await this.model.check_acl(req.auth, Perm.Read_Krb, uuid, true);
if (!ok) return res.status(403).end();