You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Kiran Ayyagari (JIRA)" <ji...@apache.org> on 2011/06/21 10:03:47 UTC
[jira] [Closed] (DIRSERVER-1625) Cannot modify a prescriptiveAci on
a subEntry
[ https://issues.apache.org/jira/browse/DIRSERVER-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kiran Ayyagari closed DIRSERVER-1625.
-------------------------------------
Resolution: Won't Fix
Assignee: Kiran Ayyagari
this issue has been fixed in the rev 1129732 (on 31 May), can you try with the latest trunk.
OTOH,
I have tested this with a new test given below
@Test
public void testModifyPrescriptiveAciOpAttribute() throws Exception
{
AutzIntegUtils.service = service;
String identPrefix = "{ identificationTag \"testModifyPrescriptiveAci\", ";
String restOfAci = " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { "
+ " userClasses { thisEntry }, " + " userPermissions " + " { " + " { "
+ " protectedItems {entry}, " + " grantsAndDenials { grantModify, grantBrowse, grantRead } "
+ " }, " + " { " + " protectedItems {allAttributeValues {userPassword}}, "
+ " grantsAndDenials { grantAdd, grantRemove } " + " } " + " } " + " } " + "}";
createAccessControlSubentry( "testModifyPrescriptiveAci", identPrefix + restOfAci );
CoreSession session = service.getAdminSession();
Dn subEntryDn =new Dn( service.getSchemaManager(), "cn=testModifyPrescriptiveAci,ou=system" );
System.out.println( session.lookup( subEntryDn, "+" ) );
Attribute prescriptiveAciAt = new DefaultAttribute( SchemaConstants.PRESCRIPTIVE_ACI_AT );
String newAci = "{ identificationTag \"dirsrvr-1625ModifyPrescriptiveAci\", " + restOfAci;
prescriptiveAciAt.add( newAci );
ModifyRequest modReq = new ModifyRequestImpl();
modReq.setName( subEntryDn );
modReq.replace( SchemaConstants.PRESCRIPTIVE_ACI_AT, newAci );
session.modify( modReq );
Entry subEntry = session.lookup( subEntryDn, "+" );
System.out.println( subEntry );
assertEquals( newAci, subEntry.get( SchemaConstants.PRESCRIPTIVE_ACI_AT ).getString() );
}
> Cannot modify a prescriptiveAci on a subEntry
> ---------------------------------------------
>
> Key: DIRSERVER-1625
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1625
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Reporter: Mike Adamson
> Assignee: Kiran Ayyagari
>
> Attempting to replace an aci on a subEntry using a user session with the following:
> ModifyRequest modifyRequest = new ModifyRequestImpl().setName(subEntryDn).replace(aciAttribute);
> session.modify(modifyRequest);
> results in a LdapSchemaViolationException
> I have tracked this down to this block of code at the bottom of the AciAuthorizationInterceptor.modify method:
> Entry modifiedEntry = modifyContext.lookup( dn, ByPassConstants.LOOKUP_BYPASS );
> tupleCache.subentryModified( dn, mods, modifiedEntry );
> groupCache.groupModified( dn, mods, entry, schemaManager );
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] [Closed] (DIRSERVER-1625) Cannot modify a prescriptiveAci
on a subEntry
Posted by Mike Adamson <mi...@gmail.com>.
I've tested it here and it's fixed my test.
Thanks,
MikeA
On 21 June 2011 10:45, Kiran Ayyagari <ka...@apache.org> wrote:
> On Tue, Jun 21, 2011 at 2:28 PM, Mike Adamson <mi...@gmail.com> wrote:
> > Hi Kiran,
> >
> > Unfortunately this does not fix the case of attempting to modify a
> > prescriptiveAci using a userSession. This still fails on the latest
> trunk. I
> ahhh, my earlier test case used admin session
> > have made this work locally by changing the code in the
> > AciAuthorizationInterceptor.modify method from:
> >
> > Entry modifiedEntry = modifyContext.lookup( dn,
> > ByPassConstants.LOOKUP_BYPASS );
> > tupleCache.subentryModified( dn, mods, modifiedEntry );
> > groupCache.groupModified( dn, mods, entry, schemaManager );
> >
> > to:
> >
> > Entry modifiedEntry = modifyContext.lookup( dn,
> > ByPassConstants.LOOKUP_BYPASS, "+" );
> > tupleCache.subentryModified( dn, mods, modifiedEntry );
> > groupCache.groupModified( dn, mods, entry, schemaManager );
> >
> > Do you want me to open this jira again?
> >
> I have reopened and fixed it, thanks for the details
>
> --
> Kiran Ayyagari
>
Re: [jira] [Closed] (DIRSERVER-1625) Cannot modify a prescriptiveAci
on a subEntry
Posted by Kiran Ayyagari <ka...@apache.org>.
On Tue, Jun 21, 2011 at 2:28 PM, Mike Adamson <mi...@gmail.com> wrote:
> Hi Kiran,
>
> Unfortunately this does not fix the case of attempting to modify a
> prescriptiveAci using a userSession. This still fails on the latest trunk. I
ahhh, my earlier test case used admin session
> have made this work locally by changing the code in the
> AciAuthorizationInterceptor.modify method from:
>
> Entry modifiedEntry = modifyContext.lookup( dn,
> ByPassConstants.LOOKUP_BYPASS );
> tupleCache.subentryModified( dn, mods, modifiedEntry );
> groupCache.groupModified( dn, mods, entry, schemaManager );
>
> to:
>
> Entry modifiedEntry = modifyContext.lookup( dn,
> ByPassConstants.LOOKUP_BYPASS, "+" );
> tupleCache.subentryModified( dn, mods, modifiedEntry );
> groupCache.groupModified( dn, mods, entry, schemaManager );
>
> Do you want me to open this jira again?
>
I have reopened and fixed it, thanks for the details
--
Kiran Ayyagari
Re: [jira] [Closed] (DIRSERVER-1625) Cannot modify a prescriptiveAci
on a subEntry
Posted by Mike Adamson <mi...@gmail.com>.
Hi Kiran,
Unfortunately this does not fix the case of attempting to modify a
prescriptiveAci using a userSession. This still fails on the latest trunk. I
have made this work locally by changing the code in the
AciAuthorizationInterceptor.modify method from:
Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
to:
Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS, "+" );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
Do you want me to open this jira again?
Thanks,
Mike Adamson
On 21 June 2011 09:03, Kiran Ayyagari (JIRA) <ji...@apache.org> wrote:
>
> [
> https://issues.apache.org/jira/browse/DIRSERVER-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel]
>
> Kiran Ayyagari closed DIRSERVER-1625.
> -------------------------------------
>
> Resolution: Won't Fix
> Assignee: Kiran Ayyagari
>
> this issue has been fixed in the rev 1129732 (on 31 May), can you try with
> the latest trunk.
>
> OTOH,
> I have tested this with a new test given below
>
> @Test
> public void testModifyPrescriptiveAciOpAttribute() throws Exception
> {
> AutzIntegUtils.service = service;
>
> String identPrefix = "{ identificationTag
> \"testModifyPrescriptiveAci\", ";
>
> String restOfAci = " precedence 14, " + " authenticationLevel none,
> " + " itemOrUserFirst userFirst: " + " { "
> + " userClasses { thisEntry }, " + "
> userPermissions " + " { " + " { "
> + " protectedItems {entry}, " + "
> grantsAndDenials { grantModify, grantBrowse, grantRead } "
> + " }, " + " { " + "
> protectedItems {allAttributeValues {userPassword}}, "
> + " grantsAndDenials { grantAdd,
> grantRemove } " + " } " + " } " + " } " + "}";
>
> createAccessControlSubentry( "testModifyPrescriptiveAci",
> identPrefix + restOfAci );
>
> CoreSession session = service.getAdminSession();
>
> Dn subEntryDn =new Dn( service.getSchemaManager(),
> "cn=testModifyPrescriptiveAci,ou=system" );
> System.out.println( session.lookup( subEntryDn, "+" ) );
>
> Attribute prescriptiveAciAt = new DefaultAttribute(
> SchemaConstants.PRESCRIPTIVE_ACI_AT );
>
> String newAci = "{ identificationTag
> \"dirsrvr-1625ModifyPrescriptiveAci\", " + restOfAci;
> prescriptiveAciAt.add( newAci );
>
> ModifyRequest modReq = new ModifyRequestImpl();
> modReq.setName( subEntryDn );
> modReq.replace( SchemaConstants.PRESCRIPTIVE_ACI_AT, newAci );
> session.modify( modReq );
>
> Entry subEntry = session.lookup( subEntryDn, "+" );
> System.out.println( subEntry );
> assertEquals( newAci, subEntry.get(
> SchemaConstants.PRESCRIPTIVE_ACI_AT ).getString() );
> }
>
>
>
> > Cannot modify a prescriptiveAci on a subEntry
> > ---------------------------------------------
> >
> > Key: DIRSERVER-1625
> > URL:
> https://issues.apache.org/jira/browse/DIRSERVER-1625
> > Project: Directory ApacheDS
> > Issue Type: Bug
> > Components: core
> > Reporter: Mike Adamson
> > Assignee: Kiran Ayyagari
> >
> > Attempting to replace an aci on a subEntry using a user session with the
> following:
> > ModifyRequest modifyRequest = new
> ModifyRequestImpl().setName(subEntryDn).replace(aciAttribute);
> > session.modify(modifyRequest);
> > results in a LdapSchemaViolationException
> > I have tracked this down to this block of code at the bottom of the
> AciAuthorizationInterceptor.modify method:
> > Entry modifiedEntry = modifyContext.lookup( dn,
> ByPassConstants.LOOKUP_BYPASS );
> > tupleCache.subentryModified( dn, mods, modifiedEntry );
> > groupCache.groupModified( dn, mods, entry, schemaManager );
>
> --
> This message is automatically generated by JIRA.
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>