Description of problem:
ACL rule like:
acl allow all delete queue autodelete=true
should allow deletion of autodelete queues only. While any queue can be deleted. The same applies to any object's property other than queue's name (see Broker::deleteQueue method and how acl->authorise is called).
The same applies not only to queues but also to exchanges.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. cat <acl-file>
- simply allow all except for deleting non-durable queue
acl allow-log all consume all
acl allow-log all publish all
acl allow-log all create all
acl allow-log all access all
acl allow-log all bind all
acl allow-log all unbind all
acl allow-log all purge all
acl allow-log all update all
acl allow-log all delete exchange
acl allow-log all delete queue durable=true
acl deny-log all all
2. Start broker with auth=yes and the ACL file
3. qpid-config -b admin/admin@localhost:5672 add queue TransientQueue
4. qpid-config -b admin/admin@localhost:5672 del queue TransientQueue
Steps 3 and 4 pass.
Deleting queue should fail, as the queue is not durable.
In fact, even creating the queue that way should raise an exception, as deleting auxiliary queue named like "4135cd9e-04b8-4cef-bcd0-5404444d7a04:0.0" (where the qpid-config gets response) should fail.
Same scenarios are applicable for all other queue properties and/or exchange properties. Just queue/exchange name is checked.
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Fix Version/s||0.23 [ 12324273 ]|
|Resolution||Fixed [ 1 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|