tomaswolf commented on issue #282:
URL: https://github.com/apache/mina-sshd/issues/282#issuecomment-1343137681
@rmischke-dlr : how about this:
```
import java.nio.file.attribute.AclEntry;
import java.nio.file.attribute.AclEntryPermission;
import java.nio.file.attribute.AclEntryType;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Fragment of a method body. Assumed context: 'view' is the file's
// AclFileAttributeView and 'owner' is the UserPrincipal owning the file.

// Remove all access rights from non-owners.
List<AclEntry> restricted = new ArrayList<>();
for (AclEntry acl : view.getAcl()) {
    if (owner.equals(acl.principal())) {
        // We explicitly give the owner full access permissions below.
        continue;
    }
    if (AclEntryType.ALLOW.equals(acl.type())) {
        // We can't use DENY access: if the owner is member of a group and we deny the group
        // access, the owner won't be able to perform the access. Instead of denying permissions
        // simply allow nothing.
        restricted.add(AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW)
                .setPrincipal(acl.principal())
                .setPermissions(Collections.emptySet())
                .build());
    } else {
        // DENY, AUDIT, and ALARM: keep them. The owner has successfully created the file, so any
        // existing DENY entries are assumed not to have any influence on reading from or writing to
        // this file by the owner.
        restricted.add(acl);
    }
}
// Ensure the owner has all the necessary rights to work with this file.
Set<AclEntryPermission> neededPermissions = EnumSet.allOf(AclEntryPermission.class);
neededPermissions.remove(AclEntryPermission.DELETE_CHILD);
// AclEntryPermission.LIST_DIRECTORY is an alias for READ_DATA in java.nio, so it is not
// removed here: removing it would take away the owner's read access to the file.
restricted.add(AclEntry.newBuilder()
        .setType(AclEntryType.ALLOW)
        .setPrincipal(owner)
        .setPermissions(neededPermissions)
        .build());
view.setAcl(restricted);
```