manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CONNECTORS-1401) Documentum Authority does not properly exclude ACLs that include negative groups or users
Date Thu, 06 Apr 2017 22:47:41 GMT

     [ https://issues.apache.org/jira/browse/CONNECTORS-1401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Karl Wright updated CONNECTORS-1401:
------------------------------------
    Attachment: CONNECTORS-1401.patch

Here's a patch.  Please let me know if it works.


> Documentum Authority does not properly exclude ACLs that include negative groups or users
> -----------------------------------------------------------------------------------------
>
>                 Key: CONNECTORS-1401
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1401
>             Project: ManifoldCF
>          Issue Type: Bug
>          Components: Documentum connector
>    Affects Versions: ManifoldCF 2.5
>            Reporter: Karl Wright
>            Assignee: Karl Wright
>             Fix For: ManifoldCF 2.7
>
>         Attachments: CONNECTORS-1401.patch
>
>
> The Documentum Authority currently returns a list of ACL names, which it gets using the
following DQL query:
> {code}
> SELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A WHERE
>             A.object_name NOT LIKE 'dm_%' AND (
>             (any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world') AND r_accessor_permit>2)
>             OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name="
+ quoteDQLString(strAccessToken) + ")
>             OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE
ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ")
>             AND r_accessor_permit>2)) )
> {code}
> The query should be modified to block all ACLs that have r_accessor_permit <= 2, since
those are "denied" access.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message