Re: Bug in acl inheritance

Wed, 23 Jun 2004 17:15:15 -0700 

I've tracked the problem down a bit further. Debugging
org.apache.slide.security.SecurityImpl.enumeratePermissions(SlideToken,String,boolean)
here is what I found:

The first time an acl is requested the inheritedFrom property of all
the NodePermission objects is set to null.

The second time an acl is requested the inheritedFrom property of all
the NodePermission objects is set to the proper path, except for any
NodePermissions for the current object which are set to null.

After accessing the collection and requesting the acl a third time
*all* of the inheritedFrom properties are set to the path they come
from, including NodePermissions for the current object.

I haven't read the appropriate RFCs, so I don't know if this is really
a bug or not. The webdav client code assumes that if an ace has *any*
value for inheritedFrom than that ace doesn't come from the current
object. Maybe this is an invalid assumption.

Anyway, attached is a patch to SecurityImpl that sets inheritedFrom to
null for any NodePermission that comes from the current object. This at
least allows the client to add more than one permission to an acl. I
haven't tried deleting a broken permission yet, but I'm guessing that
will still fail.

-James

Index: SecurityImpl.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v
retrieving revision 1.48
diff -u -r1.48 SecurityImpl.java
--- SecurityImpl.java   5 Jun 2004 12:20:20 -0000       1.48
+++ SecurityImpl.java   24 Jun 2004 00:00:20 -0000
@@ -782,6 +782,9 @@
                 while (permEnum.hasMoreElements()) {
                     NodePermission perm = (NodePermission)permEnum.nextElement();
                     if (object.equals(oNode.getUri())) {
+                       // FIXME A node should not be able to inherit permissions from 
itself.
+                       // Hide this from the client when it happens.
+                       perm.setInheritedFrom(null);
                         permissions.add(perm);
                     }
                     else if (perm.isInheritable()) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to