You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "David Latorre (JIRA)" <ji...@apache.org> on 2008/08/12 11:24:44 UTC
[jira] Created: (FTPSERVER-152)
NativeFileObject.hasDeletePermission() not working as expected.
NativeFileObject.hasDeletePermission() not working as expected.
----------------------------------------------------------------
Key: FTPSERVER-152
URL: https://issues.apache.org/jira/browse/FTPSERVER-152
Project: FtpServer
Issue Type: Bug
Affects Versions: 1.0-M2, 1.0-M3
Reporter: David Latorre
Fix For: 1.0-M2
In the current implementation, "hasDeletePermission" in NativeFileObject delegates to hasWritePermission in order to check whether a file can be deleted or not. But, in most environments, a file can be deleted when it is parent directory is writable, no matter if the file is writable itself or not. I attach a fix which attempts to preserve both options: it will check FTPServer's write permission for the actual file and if its parent directory is writable.
public boolean hasDeletePermission() {
// root cannot be deleted
if ("/".equals(fileName)) {
return false;
}
/* Added 12/08/2008: in the case that the permission is not explicitly denied for this file
* we will check if the parent file has write permission as most systems consider that a file can
* be deleted when their parent directory is writable.
*/
String fullName=getFullName();
// we check FTPServer's write permission for this file.
if (user.authorize(new WriteRequest(fullName)) == null) {
return false;
}
// In order to mantain consistency, when possible we delete the last '/' character in the String
int indexOfSlash=fullName.lastIndexOf('/');
String parentFullName;
if (indexOfSlash==0){
parentFullName="/";
}
else{
parentFullName=fullName.substring(0,indexOfSlash);
}
// we check if the parent FileObject is writable.
NativeFileObject parentObject=new NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
return parentObject.hasWritePermission();
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (FTPSERVER-152)
NativeFileObject.hasDeletePermission() not working as expected.
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12622330#action_12622330 ]
Niklas Gustavsson commented on FTPSERVER-152:
---------------------------------------------
Could you please add some tests for this patch? Please add them as attachments and check the radio button that you approve them for inclusion.
> NativeFileObject.hasDeletePermission() not working as expected.
> ----------------------------------------------------------------
>
> Key: FTPSERVER-152
> URL: https://issues.apache.org/jira/browse/FTPSERVER-152
> Project: FtpServer
> Issue Type: Bug
> Affects Versions: 1.0-M2
> Reporter: David Latorre
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
> Original Estimate: 0.17h
> Remaining Estimate: 0.17h
>
> In the current implementation, "hasDeletePermission" in NativeFileObject delegates to hasWritePermission in order to check whether a file can be deleted or not. But, in most environments, a file can be deleted when it is parent directory is writable, no matter if the file is writable itself or not. I attach a fix which attempts to preserve both options: it will check FTPServer's write permission for the actual file and if its parent directory is writable.
> public boolean hasDeletePermission() {
> // root cannot be deleted
> if ("/".equals(fileName)) {
> return false;
> }
> /* Added 12/08/2008: in the case that the permission is not explicitly denied for this file
> * we will check if the parent file has write permission as most systems consider that a file can
> * be deleted when their parent directory is writable.
> */
> String fullName=getFullName();
>
> // we check FTPServer's write permission for this file.
> if (user.authorize(new WriteRequest(fullName)) == null) {
> return false;
> }
> // In order to mantain consistency, when possible we delete the last '/' character in the String
> int indexOfSlash=fullName.lastIndexOf('/');
> String parentFullName;
> if (indexOfSlash==0){
> parentFullName="/";
> }
> else{
> parentFullName=fullName.substring(0,indexOfSlash);
> }
>
> // we check if the parent FileObject is writable.
> NativeFileObject parentObject=new NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
> return parentObject.hasWritePermission();
> }
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (FTPSERVER-152)
NativeFileObject.hasDeletePermission() not working as expected.
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-152.
---------------------------------------
Resolution: Fixed
Patch commited. Thanks for both the patch and the test, great work!
svn -m "Improve delete permission handling on native file system (FTPSERVER-152). Patch by David Latorre" commit
Sending core/src/main/java/org/apache/ftpserver/filesystem/NativeFileObject.java
Sending core/src/test/java/org/apache/ftpserver/filesystem/NativeFileObjectTest.java
Transmitting file data ..
Committed revision 691042.
> NativeFileObject.hasDeletePermission() not working as expected.
> ----------------------------------------------------------------
>
> Key: FTPSERVER-152
> URL: https://issues.apache.org/jira/browse/FTPSERVER-152
> Project: FtpServer
> Issue Type: Bug
> Affects Versions: 1.0-M2
> Reporter: David Latorre
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
> Attachments: NativeFileObjectTest.patch
>
> Original Estimate: 0.17h
> Remaining Estimate: 0.17h
>
> In the current implementation, "hasDeletePermission" in NativeFileObject delegates to hasWritePermission in order to check whether a file can be deleted or not. But, in most environments, a file can be deleted when it is parent directory is writable, no matter if the file is writable itself or not. I attach a fix which attempts to preserve both options: it will check FTPServer's write permission for the actual file and if its parent directory is writable.
> public boolean hasDeletePermission() {
> // root cannot be deleted
> if ("/".equals(fileName)) {
> return false;
> }
> /* Added 12/08/2008: in the case that the permission is not explicitly denied for this file
> * we will check if the parent file has write permission as most systems consider that a file can
> * be deleted when their parent directory is writable.
> */
> String fullName=getFullName();
>
> // we check FTPServer's write permission for this file.
> if (user.authorize(new WriteRequest(fullName)) == null) {
> return false;
> }
> // In order to mantain consistency, when possible we delete the last '/' character in the String
> int indexOfSlash=fullName.lastIndexOf('/');
> String parentFullName;
> if (indexOfSlash==0){
> parentFullName="/";
> }
> else{
> parentFullName=fullName.substring(0,indexOfSlash);
> }
>
> // we check if the parent FileObject is writable.
> NativeFileObject parentObject=new NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
> return parentObject.hasWritePermission();
> }
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (FTPSERVER-152)
NativeFileObject.hasDeletePermission() not working as expected.
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson updated FTPSERVER-152:
----------------------------------------
Fix Version/s: (was: 1.0-M2)
1.0-M3
Assignee: Niklas Gustavsson
Affects Version/s: (was: 1.0-M3)
> NativeFileObject.hasDeletePermission() not working as expected.
> ----------------------------------------------------------------
>
> Key: FTPSERVER-152
> URL: https://issues.apache.org/jira/browse/FTPSERVER-152
> Project: FtpServer
> Issue Type: Bug
> Affects Versions: 1.0-M2
> Reporter: David Latorre
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
> Original Estimate: 0.17h
> Remaining Estimate: 0.17h
>
> In the current implementation, "hasDeletePermission" in NativeFileObject delegates to hasWritePermission in order to check whether a file can be deleted or not. But, in most environments, a file can be deleted when it is parent directory is writable, no matter if the file is writable itself or not. I attach a fix which attempts to preserve both options: it will check FTPServer's write permission for the actual file and if its parent directory is writable.
> public boolean hasDeletePermission() {
> // root cannot be deleted
> if ("/".equals(fileName)) {
> return false;
> }
> /* Added 12/08/2008: in the case that the permission is not explicitly denied for this file
> * we will check if the parent file has write permission as most systems consider that a file can
> * be deleted when their parent directory is writable.
> */
> String fullName=getFullName();
>
> // we check FTPServer's write permission for this file.
> if (user.authorize(new WriteRequest(fullName)) == null) {
> return false;
> }
> // In order to mantain consistency, when possible we delete the last '/' character in the String
> int indexOfSlash=fullName.lastIndexOf('/');
> String parentFullName;
> if (indexOfSlash==0){
> parentFullName="/";
> }
> else{
> parentFullName=fullName.substring(0,indexOfSlash);
> }
>
> // we check if the parent FileObject is writable.
> NativeFileObject parentObject=new NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
> return parentObject.hasWritePermission();
> }
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.