directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@gmail.com>
Subject [ApacheDS][ACI] ATTRIBUTE_VALUE Operation Scope
Date Wed, 04 Jul 2007 10:31:55 GMT
Hi,

As I am browsing the Authorization code and doing some tests, I saw
that we do not have a ATTRIBUTE_VALUE scope in the following class:
http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java?view=markup

IMO, we need such an operation scope because in a case where you have
allAttributeValues protectedItem with grantAdd permission you should
be only allowed to add new values to an existing attribute. So this
kind of operation only deals with values, not attribute type or not
both.

If I am right, not handling this operation scope causes several
problems in the Authorization system which is the real problem. I
still need to write some tests and figure out which part of the code
really deals with handling those scopes.

I just wanted to inform you and get you ideas on the topic if any.

Thanks.

-- 
Ersin

Mime
View raw message