You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by James Mason <Ma...@ah.org> on 2004/06/23 23:44:31 UTC

Bug in acl inheritance

I'm running in to a bug where Slide reports that an ace on a collection
is inherited from that collection. I've reproduced this using the Tomcat
5 bundle of Slide 2.0, the Tomcat 5 bundle of Slide 2.1M1, and the
Tomcat 5 bundle of Slide 2.1M1 using a JDBC Store. The bug only appears
for collections that have children, and only after accessing the
collection or a child of the collection. Restarting the server fixes the
error, but it returns as soon as you access the collection again.

I'm hoping that someone who has a knowledge of the code in question can
either fix this or explain what should be happening where well enough
for me to track down what's causing this.

Below is a transcript of how I've been able to produce the bug. Notice
that the "inherited from" field for the newly granted permission changes
after creating the /slide/temp/foo collection.

#################### copy/paste #####################

C:\jakarta-slide-webdavclient-bin-2.0\bin>run
[ Slide ] $ open http://localhost:8080/slide/ 
connect http://localhost:8080/slide/ 
Jun 23, 2004 2:13:23 PM org.apache.commons.httpclient.HttpMethodBase
processAuthenticationResponse
WARNING: No credentials available for the 'Slide DAV Server'
authentication realm at localhost
UserName: root
Password: root
[LOCALHOST] /slide/ $ mkcol /slide/files/temp
Making '/slide/files/temp' collection: succeeded.
[LOCALHOST] /slide/ $ acl /slide/files/temp

ACL for /slide/files/temp:
------------------------------------------------------------
granted to unauthenticated    (not protected)   (inherited from
'/slide/files')
   DAV:all
granted to /slide/roles/user    (not protected)   (inherited from
'/slide/files')
   DAV:write
granted to property    (not protected)   (inherited from
'/slide/files')
   DAV:read-acl
granted to /slide/roles/root    (not protected)   (inherited from
'/slide/')
   DAV:all
denied to all    (not protected)   (inherited from '/slide/')
   DAV:read-acl
   DAV:write-acl
   DAV:unlock
granted to all    (not protected)   (inherited from '/slide/')
   DAV:read
------------------------------------------------------------
[LOCALHOST] /slide/ $ grant read-acl on /slide/files/temp to
/roles/user
grant DAV::read-acl on /slide/files/temp to /roles/user
[LOCALHOST] /slide/ $ acl /slide/files/temp

ACL for /slide/files/temp:
------------------------------------------------------------
granted to /slide/roles/user    (not protected)   (not inherited)
   DAV:read-acl
granted to unauthenticated    (not protected)   (inherited from
'/slide/files')
   DAV:all
granted to /slide/roles/user    (not protected)   (inherited from
'/slide/files')
   DAV:write
granted to property    (not protected)   (inherited from
'/slide/files')
   DAV:read-acl
granted to /slide/roles/root    (not protected)   (inherited from
'/slide/')
   DAV:all
denied to all    (not protected)   (inherited from '/slide/')
   DAV:read-acl
   DAV:write-acl
   DAV:unlock
granted to all    (not protected)   (inherited from '/slide/')
   DAV:read
------------------------------------------------------------
[LOCALHOST] /slide/ $ mkcol /slide/files/temp/foo
Making '/slide/files/temp/foo' collection: succeeded.
[LOCALHOST] /slide/ $ acl /slide/files/temp

ACL for /slide/files/temp:
------------------------------------------------------------
granted to /slide/roles/user    (not protected)   (inherited from
'/slide/files/temp')
   DAV:read-acl
granted to unauthenticated    (not protected)   (inherited from
'/slide/files')
   DAV:all
granted to /slide/roles/user    (not protected)   (inherited from
'/slide/files')
   DAV:write
granted to property    (not protected)   (inherited from
'/slide/files')
   DAV:read-acl
granted to /slide/roles/root    (not protected)   (inherited from
'/slide/')
   DAV:all
denied to all    (not protected)   (inherited from '/slide/')
   DAV:read-acl
   DAV:write-acl
   DAV:unlock
granted to all    (not protected)   (inherited from '/slide/')
   DAV:read
------------------------------------------------------------
[LOCALHOST] /slide/ $

######################## end #########################

Thanks,
James

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org