You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2008/09/01 22:04:44 UTC

[jira] Closed: (FTPSERVER-152) NativeFileObject.hasDeletePermission() not working as expected.

     [ https://issues.apache.org/jira/browse/FTPSERVER-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson closed FTPSERVER-152.
---------------------------------------

    Resolution: Fixed

Patch commited. Thanks for both the patch and the test, great work!

svn -m "Improve delete permission handling on native file system (FTPSERVER-152). Patch by David Latorre" commit
Sending        core/src/main/java/org/apache/ftpserver/filesystem/NativeFileObject.java
Sending        core/src/test/java/org/apache/ftpserver/filesystem/NativeFileObjectTest.java
Transmitting file data ..
Committed revision 691042.


> NativeFileObject.hasDeletePermission()  not working as expected.
> ----------------------------------------------------------------
>
>                 Key: FTPSERVER-152
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-152
>             Project: FtpServer
>          Issue Type: Bug
>    Affects Versions: 1.0-M2
>            Reporter: David Latorre
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M3
>
>         Attachments: NativeFileObjectTest.patch
>
>   Original Estimate: 0.17h
>  Remaining Estimate: 0.17h
>
> In the current implementation, "hasDeletePermission" in NativeFileObject delegates to hasWritePermission in order to check whether a file can be deleted or not. But, in most environments, a file can be deleted when it is parent directory is writable, no matter if the file is writable itself or not. I attach a fix which attempts to preserve both options: it will check FTPServer's write permission for the actual file and if its parent directory is writable.
>  public boolean hasDeletePermission() {
>         // root cannot be deleted
>         if ("/".equals(fileName)) {
>             return false;
>         }
>         /*  Added 12/08/2008: in the case that the permission is not explicitly denied for this file
>          *  we will check if the parent file has write permission as most systems consider that a file can 
>          *  be deleted when their parent directory is writable.
>         */
>         String fullName=getFullName();
>         
>         // we check FTPServer's write permission for this file.
>         if (user.authorize(new WriteRequest(fullName)) == null) {
>             return false;
>         }  
>         // In order to mantain consistency, when possible we delete the last '/' character in the String
>         int indexOfSlash=fullName.lastIndexOf('/');
>         String parentFullName;
>         if (indexOfSlash==0){
>         	parentFullName="/";
>         }
>         else{
>         	parentFullName=fullName.substring(0,indexOfSlash);
>         }
>         
>         // we check if the parent FileObject is writable.                
>         NativeFileObject parentObject=new NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
>         return parentObject.hasWritePermission();
>     }
>  

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.