[
https://issues.apache.org/jira/browse/QPID-3964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258185#comment-13258185
]
[email protected] commented on QPID-3964:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4827/#review7070
-----------------------------------------------------------
Ship it!
This is an improvement and should remove one source of confusion for ACL
writers.
- Ted
On 2012-04-20 10:38:09, Gordon Sim wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/4827/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-04-20 10:38:09)
bq.
bq.
bq. Review request for Ted Ross, Chug Rolke and rajith attapattu.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. At present, the broker enforces the create permission for passive
declares, albeit with the option of distinguishing that case through a value
for the 'passive' property. This is unintuitive and causes confusion. The
attached change removes the 'passive' property from the 'create' actions, and
enforces the 'access' action instead for passive declares. As a passive declare
is similar in nature to Queue- or Exchange- Query, this is more consistent.
bq.
bq. Note however that this change would not be backwards compatible for all
possible ACLs. I can't see any case where the required change to the ACL would
not be an improvement, but important to recignise that a change may in some
cases be required.
bq.
bq.
bq. This addresses bug QPID-3964.
bq. https://issues.apache.org/jira/browse/QPID-3964
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. /trunk/qpid/cpp/src/qpid/broker/AclModule.h 1328252
bq. /trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1328252
bq. /trunk/qpid/cpp/src/qpid/broker/SessionAdapter.cpp 1328252
bq. /trunk/qpid/cpp/src/tests/acl.py 1328252
bq.
bq. Diff: https://reviews.apache.org/r/4827/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Fixed existing tests to cover the new approach; make check passes.
bq.
bq.
bq. Thanks,
bq.
bq. Gordon
bq.
bq.
> Incorrect ACL checks for passive declares
> -----------------------------------------
>
> Key: QPID-3964
> URL: https://issues.apache.org/jira/browse/QPID-3964
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: 0.16
> Reporter: Gordon Sim
> Assignee: Gordon Sim
> Fix For: 0.17
>
>
> The broker checks for a 'create' permission when responding to a passive
> declare. This is not correct as a passive declare explicitly *does not*
> create the exchange/queue in question.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
