Hi Kiran,
Unfortunately this does not fix the case of attempting to modify a
prescriptiveAci using a userSession. This still fails on the latest trunk. I
have made this work locally by changing the code in the
AciAuthorizationInterceptor.modify method from:
Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
to:
Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS, "+" );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
Do you want me to open this jira again?
Thanks,
Mike Adamson
On 21 June 2011 09:03, Kiran Ayyagari (JIRA) <[email protected]> wrote:
>
> [
> https://issues.apache.org/jira/browse/DIRSERVER-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel]
>
> Kiran Ayyagari closed DIRSERVER-1625.
> -------------------------------------
>
> Resolution: Won't Fix
> Assignee: Kiran Ayyagari
>
> this issue has been fixed in the rev 1129732 (on 31 May), can you try with
> the latest trunk.
>
> OTOH,
> I have tested this with a new test given below
>
> @Test
> public void testModifyPrescriptiveAciOpAttribute() throws Exception
> {
> AutzIntegUtils.service = service;
>
> String identPrefix = "{ identificationTag
> \"testModifyPrescriptiveAci\", ";
>
> String restOfAci = " precedence 14, " + " authenticationLevel none,
> " + " itemOrUserFirst userFirst: " + " { "
> + " userClasses { thisEntry }, " + "
> userPermissions " + " { " + " { "
> + " protectedItems {entry}, " + "
> grantsAndDenials { grantModify, grantBrowse, grantRead } "
> + " }, " + " { " + "
> protectedItems {allAttributeValues {userPassword}}, "
> + " grantsAndDenials { grantAdd,
> grantRemove } " + " } " + " } " + " } " + "}";
>
> createAccessControlSubentry( "testModifyPrescriptiveAci",
> identPrefix + restOfAci );
>
> CoreSession session = service.getAdminSession();
>
> Dn subEntryDn =new Dn( service.getSchemaManager(),
> "cn=testModifyPrescriptiveAci,ou=system" );
> System.out.println( session.lookup( subEntryDn, "+" ) );
>
> Attribute prescriptiveAciAt = new DefaultAttribute(
> SchemaConstants.PRESCRIPTIVE_ACI_AT );
>
> String newAci = "{ identificationTag
> \"dirsrvr-1625ModifyPrescriptiveAci\", " + restOfAci;
> prescriptiveAciAt.add( newAci );
>
> ModifyRequest modReq = new ModifyRequestImpl();
> modReq.setName( subEntryDn );
> modReq.replace( SchemaConstants.PRESCRIPTIVE_ACI_AT, newAci );
> session.modify( modReq );
>
> Entry subEntry = session.lookup( subEntryDn, "+" );
> System.out.println( subEntry );
> assertEquals( newAci, subEntry.get(
> SchemaConstants.PRESCRIPTIVE_ACI_AT ).getString() );
> }
>
>
>
> > Cannot modify a prescriptiveAci on a subEntry
> > ---------------------------------------------
> >
> > Key: DIRSERVER-1625
> > URL:
> https://issues.apache.org/jira/browse/DIRSERVER-1625
> > Project: Directory ApacheDS
> > Issue Type: Bug
> > Components: core
> > Reporter: Mike Adamson
> > Assignee: Kiran Ayyagari
> >
> > Attempting to replace an aci on a subEntry using a user session with the
> following:
> > ModifyRequest modifyRequest = new
> ModifyRequestImpl().setName(subEntryDn).replace(aciAttribute);
> > session.modify(modifyRequest);
> > results in a LdapSchemaViolationException
> > I have tracked this down to this block of code at the bottom of the
> AciAuthorizationInterceptor.modify method:
> > Entry modifiedEntry = modifyContext.lookup( dn,
> ByPassConstants.LOOKUP_BYPASS );
> > tupleCache.subentryModified( dn, mods, modifiedEntry );
> > groupCache.groupModified( dn, mods, entry, schemaManager );
>
> --
> This message is automatically generated by JIRA.
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>
