You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2008/09/01 22:04:44 UTC
[jira] Closed: (FTPSERVER-152)
NativeFileObject.hasDeletePermission() not working as expected.
[ https://issues.apache.org/jira/browse/FTPSERVER-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-152.
---------------------------------------
Resolution: Fixed
Patch commited. Thanks for both the patch and the test, great work!
svn -m "Improve delete permission handling on native file system (FTPSERVER-152). Patch by David Latorre" commit
Sending core/src/main/java/org/apache/ftpserver/filesystem/NativeFileObject.java
Sending core/src/test/java/org/apache/ftpserver/filesystem/NativeFileObjectTest.java
Transmitting file data ..
Committed revision 691042.
> NativeFileObject.hasDeletePermission() not working as expected.
> ----------------------------------------------------------------
>
> Key: FTPSERVER-152
> URL: https://issues.apache.org/jira/browse/FTPSERVER-152
> Project: FtpServer
> Issue Type: Bug
> Affects Versions: 1.0-M2
> Reporter: David Latorre
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
> Attachments: NativeFileObjectTest.patch
>
> Original Estimate: 0.17h
> Remaining Estimate: 0.17h
>
> In the current implementation, "hasDeletePermission" in NativeFileObject delegates to hasWritePermission in order to check whether a file can be deleted or not. But, in most environments, a file can be deleted when it is parent directory is writable, no matter if the file is writable itself or not. I attach a fix which attempts to preserve both options: it will check FTPServer's write permission for the actual file and if its parent directory is writable.
> public boolean hasDeletePermission() {
> // root cannot be deleted
> if ("/".equals(fileName)) {
> return false;
> }
> /* Added 12/08/2008: in the case that the permission is not explicitly denied for this file
> * we will check if the parent file has write permission as most systems consider that a file can
> * be deleted when their parent directory is writable.
> */
> String fullName=getFullName();
>
> // we check FTPServer's write permission for this file.
> if (user.authorize(new WriteRequest(fullName)) == null) {
> return false;
> }
> // In order to mantain consistency, when possible we delete the last '/' character in the String
> int indexOfSlash=fullName.lastIndexOf('/');
> String parentFullName;
> if (indexOfSlash==0){
> parentFullName="/";
> }
> else{
> parentFullName=fullName.substring(0,indexOfSlash);
> }
>
> // we check if the parent FileObject is writable.
> NativeFileObject parentObject=new NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
> return parentObject.hasWritePermission();
> }
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.