Directory ApacheDS
  1. Directory ApacheDS
  2. DIRSERVER-725

Access control permission Import is only meaningful for prescriptive ACI

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: pre-1.0, 1.0-RC1, 1.0-RC2, 1.0-RC3, 1.0-RC4, 1.5.0
    • Fix Version/s: 1.0-RC4, 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      As stated in X.501 L.4:

      "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
      in a ModifyDN operation. Import is only meaningful as prescriptive ACI."

      However our current implementation considers also entry ACIs that includes Import permissions.

      Here is a code snippet from our implementation:

      Collection destTuples = new HashSet();
      addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
      addEntryAciTuples( destTuples, entry );
      addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
      engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
      null, IMPORT_PERMS, tuples, entry );

      The line
      addEntryAciTuples( destTuples, entry );
      needs to be removed in from the relevant code parts.

        Activity

        Hide
        Ersin Er added a comment -
        Show
        Ersin Er added a comment - Fixed for 1.0 here: http://svn.apache.org/viewvc?rev=438396&view=rev
        Hide
        Ersin Er added a comment -
        Show
        Ersin Er added a comment - Fixed for 1.1 here: http://svn.apache.org/viewvc?rev=438406&view=rev

          People

          • Assignee:
            Ersin Er
            Reporter:
            Ersin Er
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development