Access control permission Import is only meaningful for prescriptive ACI
------------------------------------------------------------------------
Key: DIRSERVER-725
URL: http://issues.apache.org/jira/browse/DIRSERVER-725
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: pre-1.0, 1.0-RC1, 1.0-RC2, 1.0-RC3, 1.1.0, 1.0-RC4
Reporter: Ersin Er
Fix For: 1.1.0, 1.0-RC4
As stated in X.501 L.4:
"If granted, allows entries, including all subordinates, to be relocated at the
designated location in the DIT
in a ModifyDN operation. Import is only meaningful as prescriptive ACI."
However our current implementation considers also entry ACIs that includes
Import permissions.
Here is a code snippet from our implementation:
Collection destTuples = new HashSet();
addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
addEntryAciTuples( destTuples, entry );
addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
engine.checkPermission( proxy, userGroups, userName,
principal.getAuthenticationLevel(), oriChildName, null,
null, IMPORT_PERMS, tuples, entry );
The line
addEntryAciTuples( destTuples, entry );
needs to be removed in from the relevant code parts.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
