[JIRA] Closed: (NXP-657) Make the CoreSession implementations check security on atomic permissions

Fri, 04 May 2007 05:51:00 -0700

Issue (View Online)

Key: NXP-657
Issue Type: Bug Bug
Status: Closed Closed
Priority: Minor Minor
Resolution: Won't Fix
Assignee: Bogdan Stefanescu
Reporter: Olivier Grisel

Operations

View all
View comments
View history
Make the CoreSession implementations check security on atomic permissions 
Updated: 04/05/07 14:49   Created: 22/02/07 14:57  

The following issue has been closed.

Project: Nuxeo Enterprise Platform 5
Components: Core, Security
Affects Versions: 5.0.0 GA
Fix Versions: 5.1 M2

 Description   
Currently the AbstractSession implementation check security on compund permissions such as READ and WRITE for which the semantics are undefined. Permissions checks should be done on atomic permissions such as BROWSE, READ_PROPERTIES, WRITE_PROPERTIES, ...

ptiyours% jf checkPermission |grep "WRITE)"
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:313: checkPermission(dstDoc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:345: checkPermission(dstDoc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:346: checkPermission(srcDoc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:914: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:932: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1062: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1077: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1094: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1513: checkPermission(doc, WRITE);
ptiyours% jf checkPermission |grep "READ)"
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:504: checkPermission(child, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:565: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:577: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:683: checkPermission(parentDoc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1125: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1142: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1228: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1244: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1261: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1288: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1471: // :: checkPermission(parentDoc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1503: checkPermission(doc, READ);

Same remark holds for hasPermission instead of checkPermission.

This message was automatically generated by Atlassian JIRA Enterprise Edition, Version: 3.7.2-186 - Bug/feature request.
If you think it was sent incorrectly, contact one of this server's administrators. 

_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

Reply via email to