directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kiran Ayyagari (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (DIRSERVER-1625) Cannot modify a prescriptiveAci on a subEntry
Date Tue, 21 Jun 2011 08:03:47 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kiran Ayyagari closed DIRSERVER-1625.
-------------------------------------

    Resolution: Won't Fix
      Assignee: Kiran Ayyagari

this issue has been fixed in the rev 1129732 (on 31 May), can you try with the latest trunk.

OTOH,
I have tested this with a new test given below

    @Test
    public void testModifyPrescriptiveAciOpAttribute() throws Exception
    {
        AutzIntegUtils.service = service;
        
        String identPrefix = "{ identificationTag \"testModifyPrescriptiveAci\", ";
        
        String restOfAci = " precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst
userFirst: " + "  { "
                            + "    userClasses { thisEntry }, " + "    userPermissions " +
"    { " + "      { "
                            + "        protectedItems {entry}, " + "        grantsAndDenials
{ grantModify, grantBrowse, grantRead } "
                            + "      }, " + "      { " + "        protectedItems {allAttributeValues
{userPassword}}, "
                            + "        grantsAndDenials { grantAdd, grantRemove } " + "  
   } " + "    } " + "  } " + "}";
        
        createAccessControlSubentry( "testModifyPrescriptiveAci", identPrefix + restOfAci
);
        
        CoreSession session = service.getAdminSession();
        
        Dn subEntryDn =new Dn( service.getSchemaManager(), "cn=testModifyPrescriptiveAci,ou=system"
);
        System.out.println( session.lookup( subEntryDn, "+" ) );
        
        Attribute prescriptiveAciAt = new DefaultAttribute( SchemaConstants.PRESCRIPTIVE_ACI_AT
);
        
        String newAci = "{ identificationTag \"dirsrvr-1625ModifyPrescriptiveAci\", " + restOfAci;
        prescriptiveAciAt.add( newAci );
        
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( subEntryDn );
        modReq.replace( SchemaConstants.PRESCRIPTIVE_ACI_AT, newAci );
        session.modify( modReq );
        
        Entry subEntry = session.lookup( subEntryDn, "+" );
        System.out.println( subEntry );
        assertEquals( newAci, subEntry.get( SchemaConstants.PRESCRIPTIVE_ACI_AT ).getString()
);
    }



> Cannot modify a prescriptiveAci on a subEntry
> ---------------------------------------------
>
>                 Key: DIRSERVER-1625
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1625
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>            Reporter: Mike Adamson
>            Assignee: Kiran Ayyagari
>
> Attempting to replace an aci on a subEntry using a user session with the following:
> ModifyRequest modifyRequest = new ModifyRequestImpl().setName(subEntryDn).replace(aciAttribute);
> session.modify(modifyRequest);
> results in a LdapSchemaViolationException
> I have tracked this down to this block of code at the bottom of the AciAuthorizationInterceptor.modify
method:
>         Entry modifiedEntry = modifyContext.lookup( dn, ByPassConstants.LOOKUP_BYPASS
);
>         tupleCache.subentryModified( dn, mods, modifiedEntry );
>         groupCache.groupModified( dn, mods, entry, schemaManager );

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message