You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Ersin Er (JIRA)" <ji...@apache.org> on 2006/08/29 22:18:25 UTC

[jira] Created: (DIRSERVER-725) Access control permission Import is only meaningful for prescriptive ACI

Access control permission Import is only meaningful for prescriptive ACI
------------------------------------------------------------------------

                 Key: DIRSERVER-725
                 URL: http://issues.apache.org/jira/browse/DIRSERVER-725
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: pre-1.0, 1.0-RC1, 1.0-RC2, 1.0-RC3, 1.1.0, 1.0-RC4
            Reporter: Ersin Er
             Fix For: 1.1.0, 1.0-RC4


As stated in X.501 L.4:

"If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
in a ModifyDN operation. Import is only meaningful as prescriptive ACI."

However our current implementation considers also entry ACIs that includes Import permissions.

Here is a code snippet from our implementation:

Collection destTuples = new HashSet();
        addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
        addEntryAciTuples( destTuples, entry );
        addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
            null, IMPORT_PERMS, tuples, entry );

The line
addEntryAciTuples( destTuples, entry );
needs to be removed in from the relevant code parts.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (DIRSERVER-725) Access control permission Import is only meaningful for prescriptive ACI

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/DIRSERVER-725?page=comments#action_12431491 ] 
            
Ersin Er commented on DIRSERVER-725:
------------------------------------

Fixed for 1.0 here:
    http://svn.apache.org/viewvc?rev=438396&view=rev

> Access control permission Import is only meaningful for prescriptive ACI
> ------------------------------------------------------------------------
>
>                 Key: DIRSERVER-725
>                 URL: http://issues.apache.org/jira/browse/DIRSERVER-725
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.0-RC1, 1.0-RC2, pre-1.0, 1.1.0, 1.0-RC3, 1.0-RC4
>            Reporter: Ersin Er
>         Assigned To: Ersin Er
>             Fix For: 1.1.0, 1.0-RC4
>
>
> As stated in X.501 L.4:
> "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
> in a ModifyDN operation. Import is only meaningful as prescriptive ACI."
> However our current implementation considers also entry ACIs that includes Import permissions.
> Here is a code snippet from our implementation:
> Collection destTuples = new HashSet();
>         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
>         addEntryAciTuples( destTuples, entry );
>         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
>         engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
>             null, IMPORT_PERMS, tuples, entry );
> The line
> addEntryAciTuples( destTuples, entry );
> needs to be removed in from the relevant code parts.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Assigned: (DIRSERVER-725) Access control permission Import is only meaningful for prescriptive ACI

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/DIRSERVER-725?page=all ]

Ersin Er reassigned DIRSERVER-725:
----------------------------------

    Assignee: Ersin Er

> Access control permission Import is only meaningful for prescriptive ACI
> ------------------------------------------------------------------------
>
>                 Key: DIRSERVER-725
>                 URL: http://issues.apache.org/jira/browse/DIRSERVER-725
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.0-RC1, 1.0-RC2, pre-1.0, 1.1.0, 1.0-RC3, 1.0-RC4
>            Reporter: Ersin Er
>         Assigned To: Ersin Er
>             Fix For: 1.1.0, 1.0-RC4
>
>
> As stated in X.501 L.4:
> "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
> in a ModifyDN operation. Import is only meaningful as prescriptive ACI."
> However our current implementation considers also entry ACIs that includes Import permissions.
> Here is a code snippet from our implementation:
> Collection destTuples = new HashSet();
>         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
>         addEntryAciTuples( destTuples, entry );
>         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
>         engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
>             null, IMPORT_PERMS, tuples, entry );
> The line
> addEntryAciTuples( destTuples, entry );
> needs to be removed in from the relevant code parts.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (DIRSERVER-725) Access control permission Import is only meaningful for prescriptive ACI

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/DIRSERVER-725?page=all ]

Ersin Er closed DIRSERVER-725.
------------------------------

    Resolution: Fixed

Fixed for 1.1 here:
    http://svn.apache.org/viewvc?rev=438406&view=rev

> Access control permission Import is only meaningful for prescriptive ACI
> ------------------------------------------------------------------------
>
>                 Key: DIRSERVER-725
>                 URL: http://issues.apache.org/jira/browse/DIRSERVER-725
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.0-RC1, 1.0-RC2, pre-1.0, 1.1.0, 1.0-RC3, 1.0-RC4
>            Reporter: Ersin Er
>         Assigned To: Ersin Er
>             Fix For: 1.1.0, 1.0-RC4
>
>
> As stated in X.501 L.4:
> "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
> in a ModifyDN operation. Import is only meaningful as prescriptive ACI."
> However our current implementation considers also entry ACIs that includes Import permissions.
> Here is a code snippet from our implementation:
> Collection destTuples = new HashSet();
>         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
>         addEntryAciTuples( destTuples, entry );
>         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
>         engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
>             null, IMPORT_PERMS, tuples, entry );
> The line
> addEntryAciTuples( destTuples, entry );
> needs to be removed in from the relevant code parts.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira