directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Adamson <mikeat...@gmail.com>
Subject Re: [jira] [Closed] (DIRSERVER-1625) Cannot modify a prescriptiveAci on a subEntry
Date Tue, 21 Jun 2011 08:58:56 GMT
Hi Kiran,

Unfortunately this does not fix the case of attempting to modify a
prescriptiveAci using a userSession. This still fails on the latest trunk. I
have made this work locally by changing the code in the
AciAuthorizationInterceptor.modify method from:

        Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS );
        tupleCache.subentryModified( dn, mods, modifiedEntry );
        groupCache.groupModified( dn, mods, entry, schemaManager );

to:

        Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS, "+" );
        tupleCache.subentryModified( dn, mods, modifiedEntry );
        groupCache.groupModified( dn, mods, entry, schemaManager );

Do you want me to open this jira again?

Thanks,

Mike Adamson

On 21 June 2011 09:03, Kiran Ayyagari (JIRA) <jira@apache.org> wrote:

>
>     [
> https://issues.apache.org/jira/browse/DIRSERVER-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel]
>
> Kiran Ayyagari closed DIRSERVER-1625.
> -------------------------------------
>
>    Resolution: Won't Fix
>      Assignee: Kiran Ayyagari
>
> this issue has been fixed in the rev 1129732 (on 31 May), can you try with
> the latest trunk.
>
> OTOH,
> I have tested this with a new test given below
>
>    @Test
>    public void testModifyPrescriptiveAciOpAttribute() throws Exception
>    {
>        AutzIntegUtils.service = service;
>
>        String identPrefix = "{ identificationTag
> \"testModifyPrescriptiveAci\", ";
>
>        String restOfAci = " precedence 14, " + "  authenticationLevel none,
> " + "  itemOrUserFirst userFirst: " + "  { "
>                            + "    userClasses { thisEntry }, " + "
>  userPermissions " + "    { " + "      { "
>                            + "        protectedItems {entry}, " + "
>  grantsAndDenials { grantModify, grantBrowse, grantRead } "
>                            + "      }, " + "      { " + "
>  protectedItems {allAttributeValues {userPassword}}, "
>                            + "        grantsAndDenials { grantAdd,
> grantRemove } " + "      } " + "    } " + "  } " + "}";
>
>        createAccessControlSubentry( "testModifyPrescriptiveAci",
> identPrefix + restOfAci );
>
>        CoreSession session = service.getAdminSession();
>
>        Dn subEntryDn =new Dn( service.getSchemaManager(),
> "cn=testModifyPrescriptiveAci,ou=system" );
>        System.out.println( session.lookup( subEntryDn, "+" ) );
>
>        Attribute prescriptiveAciAt = new DefaultAttribute(
> SchemaConstants.PRESCRIPTIVE_ACI_AT );
>
>        String newAci = "{ identificationTag
> \"dirsrvr-1625ModifyPrescriptiveAci\", " + restOfAci;
>        prescriptiveAciAt.add( newAci );
>
>        ModifyRequest modReq = new ModifyRequestImpl();
>        modReq.setName( subEntryDn );
>        modReq.replace( SchemaConstants.PRESCRIPTIVE_ACI_AT, newAci );
>        session.modify( modReq );
>
>        Entry subEntry = session.lookup( subEntryDn, "+" );
>        System.out.println( subEntry );
>        assertEquals( newAci, subEntry.get(
> SchemaConstants.PRESCRIPTIVE_ACI_AT ).getString() );
>    }
>
>
>
> > Cannot modify a prescriptiveAci on a subEntry
> > ---------------------------------------------
> >
> >                 Key: DIRSERVER-1625
> >                 URL:
> https://issues.apache.org/jira/browse/DIRSERVER-1625
> >             Project: Directory ApacheDS
> >          Issue Type: Bug
> >          Components: core
> >            Reporter: Mike Adamson
> >            Assignee: Kiran Ayyagari
> >
> > Attempting to replace an aci on a subEntry using a user session with the
> following:
> > ModifyRequest modifyRequest = new
> ModifyRequestImpl().setName(subEntryDn).replace(aciAttribute);
> > session.modify(modifyRequest);
> > results in a LdapSchemaViolationException
> > I have tracked this down to this block of code at the bottom of the
> AciAuthorizationInterceptor.modify method:
> >         Entry modifiedEntry = modifyContext.lookup( dn,
> ByPassConstants.LOOKUP_BYPASS );
> >         tupleCache.subentryModified( dn, mods, modifiedEntry );
> >         groupCache.groupModified( dn, mods, entry, schemaManager );
>
> --
> This message is automatically generated by JIRA.
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>

Mime
View raw message