You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2017/04/08 05:07:26 UTC
svn commit: r1790654 - in /manifoldcf/trunk: CHANGES.txt
connectors/documentum/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/DCTM/AuthorityConnector.java
Author: kwright
Date: Sat Apr 8 05:07:26 2017
New Revision: 1790654
URL: http://svn.apache.org/viewvc?rev=1790654&view=rev
Log:
Tentative fix for CONNECTORS-1401.
Modified:
manifoldcf/trunk/CHANGES.txt
manifoldcf/trunk/connectors/documentum/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/DCTM/AuthorityConnector.java
Modified: manifoldcf/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/CHANGES.txt?rev=1790654&r1=1790653&r2=1790654&view=diff
==============================================================================
--- manifoldcf/trunk/CHANGES.txt (original)
+++ manifoldcf/trunk/CHANGES.txt Sat Apr 8 05:07:26 2017
@@ -3,6 +3,9 @@ $Id$
======================= 2.7-dev =====================
+CONNECTORS-1401: Fix Documentum Authority query to exclude
+access tokens that have matching negative groups or users.
+
CONNECTORS_1399: Remove all dependencies on json.jar, as per
Apache Legal advice.
(Karl Wright)
Modified: manifoldcf/trunk/connectors/documentum/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/DCTM/AuthorityConnector.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/documentum/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/DCTM/AuthorityConnector.java?rev=1790654&r1=1790653&r2=1790654&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/documentum/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/DCTM/AuthorityConnector.java (original)
+++ manifoldcf/trunk/connectors/documentum/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/DCTM/AuthorityConnector.java Sat Apr 8 05:07:26 2017
@@ -744,14 +744,18 @@ public class AuthorityConnector extends
// U.user_state=0)";
String strDQL = "SELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A " + " WHERE ";
if (!useSystemAcls)
+ {
strDQL += "A.object_name NOT LIKE 'dm_%' AND (";
- strDQL += "(any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world') AND r_accessor_permit>2) "
- + " OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name=" + quoteDQLString(strAccessToken) + ")"
- + " OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ")"
- + " AND r_accessor_permit>2))"
- + ")";
- if (!useSystemAcls)
+ }
+
+ // Include ACLs with positive groups and users
+ strDQL += "(any (A.r_accessor_name IN (" + quoteDQLString(strAccessToken) + ", 'dm_world') AND r_accessor_permit>2) OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name=" + quoteDQLString(strAccessToken) + ") OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ") AND r_accessor_permit>2))) ";
+ // Exclude ACLs with negative groups and users
+ strDQL += "AND NOT (any (A.r_accessor_name IN (" + quoteDQLString(strAccessToken) + ", 'dm_world') AND r_accessor_permit<=2) OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit<=2) AND A.owner_name=" + quoteDQLString(strAccessToken) + ") OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ") AND r_accessor_permit<=2)))";
+
+ if (!useSystemAcls) {
strDQL += ")";
+ }
if (Logging.authorityConnectors.isDebugEnabled())
Logging.authorityConnectors.debug("DCTM: About to execute query= (" + strDQL + ")");