Fixed. https://issues.apache.org/jira/browse/DIRSERVER-989
On 7/6/07, Alex Karasulu <[EMAIL PROTECTED]> wrote:
Hi Ersin, Please fix as you see fit. You're the most knowledgeable of us all on this topic. I understand what you're stating and it is a subtle issue that was not easy for many to understand. Hope the fix is a quick and easy one. Alex On 7/4/07, Ersin Er <[EMAIL PROTECTED]> wrote: > Well, I think there is a solution without introducing a new Operation > Scope. I'll commit it soon. > > On 7/4/07, Ersin Er <[EMAIL PROTECTED]> wrote: > > Let me extend the topic a little bit, > > > > The problem (that I think is) I faced is that when a user has only > > grantAdd permission for allAttributeValues he/she should not be able > > to add a new instance of the attribute to the entry. It only allows > > adding a new value to an existing attribute. However it's not the case > > for ApacheDS now. It allows adding new attributes although having only > > grantAdd for allAttributeValues. This is also demonstrated in the > > current unit tests: > > > > http://svn.apache.org/viewvc/directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationITest.java?view=markup > > > > If I am right, these tests (as well as some others possibly) will need > > to change too. > > > > On 7/4/07, Ersin Er <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > > > As I am browsing the Authorization code and doing some tests, I saw > > > that we do not have a ATTRIBUTE_VALUE scope in the following class: > > > http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java?view=markup > > > > > > IMO, we need such an operation scope because in a case where you have > > > allAttributeValues protectedItem with grantAdd permission you should > > > be only allowed to add new values to an existing attribute. So this > > > kind of operation only deals with values, not attribute type or not > > > both. > > > > > > If I am right, not handling this operation scope causes several > > > problems in the Authorization system which is the real problem. I > > > still need to write some tests and figure out which part of the code > > > really deals with handling those scopes. > > > > > > I just wanted to inform you and get you ideas on the topic if any. > > > > > > Thanks. > > > > > > -- > > > Ersin > > > > > > > > > -- > > Ersin Er > > > > R.A. and Ph.D Student at the Dept. of Computer Eng. in Hacettepe University > > http://www.cs.hacettepe.edu.tr > > > > Committer and PMC Member of The Apache Directory Project > > http://directory.apache.org > > > > > -- > Ersin Er > > R.A. and Ph.D Student at the Dept. of Computer Eng. in Hacettepe University > http://www.cs.hacettepe.edu.tr > > Committer and PMC Member of The Apache Directory Project > http://directory.apache.org >
-- Ersin Er R.A. and Ph.D Student at the Dept. of Computer Eng. in Hacettepe University http://www.cs.hacettepe.edu.tr Committer and PMC Member of The Apache Directory Project http://directory.apache.org
