You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Ersin Er (JIRA)" <ji...@apache.org> on 2006/08/30 08:35:25 UTC
[jira] Commented: (DIRSERVER-725) Access control permission Import
is only meaningful for prescriptive ACI
[ http://issues.apache.org/jira/browse/DIRSERVER-725?page=comments#action_12431491 ]
Ersin Er commented on DIRSERVER-725:
------------------------------------
Fixed for 1.0 here:
http://svn.apache.org/viewvc?rev=438396&view=rev
> Access control permission Import is only meaningful for prescriptive ACI
> ------------------------------------------------------------------------
>
> Key: DIRSERVER-725
> URL: http://issues.apache.org/jira/browse/DIRSERVER-725
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 1.0-RC1, 1.0-RC2, pre-1.0, 1.1.0, 1.0-RC3, 1.0-RC4
> Reporter: Ersin Er
> Assigned To: Ersin Er
> Fix For: 1.1.0, 1.0-RC4
>
>
> As stated in X.501 L.4:
> "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
> in a ModifyDN operation. Import is only meaningful as prescriptive ACI."
> However our current implementation considers also entry ACIs that includes Import permissions.
> Here is a code snippet from our implementation:
> Collection destTuples = new HashSet();
> addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
> addEntryAciTuples( destTuples, entry );
> addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
> engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
> null, IMPORT_PERMS, tuples, entry );
> The line
> addEntryAciTuples( destTuples, entry );
> needs to be removed in from the relevant code parts.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira