directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-725) Access control permission Import is only meaningful for prescriptive ACI
Date Tue, 29 Aug 2006 20:18:25 GMT
Access control permission Import is only meaningful for prescriptive ACI
------------------------------------------------------------------------

                 Key: DIRSERVER-725
                 URL: http://issues.apache.org/jira/browse/DIRSERVER-725
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: pre-1.0, 1.0-RC1, 1.0-RC2, 1.0-RC3, 1.1.0, 1.0-RC4
            Reporter: Ersin Er
             Fix For: 1.1.0, 1.0-RC4


As stated in X.501 L.4:

"If granted, allows entries, including all subordinates, to be relocated at the designated
location in the DIT
in a ModifyDN operation. Import is only meaningful as prescriptive ACI."

However our current implementation considers also entry ACIs that includes Import permissions.

Here is a code snippet from our implementation:

Collection destTuples = new HashSet();
        addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
        addEntryAciTuples( destTuples, entry );
        addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
oriChildName, null,
            null, IMPORT_PERMS, tuples, entry );

The line
addEntryAciTuples( destTuples, entry );
needs to be removed in from the relevant code parts.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message