Key: NXP-657
Issue Type: Bug
Status: Open
Priority: Minor
Assignee: Bogdan Stefanescu
Reporter: Olivier Grisel

Make the CoreSession implementations check security on atomic permissions 
Updated: 22/02/07 14:57   Created: 22/02/07 14:57  

Project: Nuxeo Enterprise Platform 5
Components: Core, Security
Affects Versions: 5.0.0 GA
Fix Versions: 5.1 M2

Description
Currently the AbstractSession implementation checks security on compound permissions such as READ and WRITE, for which the semantics are undefined. Permission checks should be done on atomic permissions such as BROWSE, READ_PROPERTIES, WRITE_PROPERTIES, ...

ptiyours% jf checkPermission |grep "WRITE)"
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:313: checkPermission(dstDoc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:345: checkPermission(dstDoc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:346: checkPermission(srcDoc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:914: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:932: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1062: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1077: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1094: checkPermission(doc, WRITE);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1513: checkPermission(doc, WRITE);
ptiyours% jf checkPermission |grep "READ)"
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:504: checkPermission(child, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:565: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:577: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:683: checkPermission(parentDoc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1125: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1142: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1228: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1244: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1261: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1288: checkPermission(doc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1471: // :: checkPermission(parentDoc, READ);
./org.nuxeo.ecm.core.repository/src/org/nuxeo/ecm/core/api/AbstractSession.java:1503: checkPermission(doc, READ);

Same remark holds for hasPermission instead of checkPermission.
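
An audit pass in the spirit of the grep above, as an added example that is not part of the original ticket or of Nuxeo's code: it flags live checkPermission and hasPermission calls that pass a compound permission and skips commented-out calls. The Java input is constructed, `Perms` is a hypothetical class name, and the compound set holds only the two names the ticket gives.

```python
import re

# Compound permissions named in the ticket; extend for your own code base.
COMPOUND = {"READ", "WRITE"}

# checkPermission(..., PERM) / hasPermission(..., PERM), PERM optionally
# qualified (Holder.PERM). Captures the method and the bare constant name.
CALL = re.compile(
    r"\b(checkPermission|hasPermission)\s*\([^;]*?,\s*(?:\w+\.)*([A-Z_]+)\s*\)")

def strip_comments(line, in_block):
    """Drop // and /* */ comments from one line; returns (code, in_block).
    Simplification: comment markers inside string literals are not handled."""
    out, i = [], 0
    while i < len(line):
        if in_block:
            end = line.find("*/", i)
            if end < 0:
                return "".join(out), True
            i, in_block = end + 2, False
        elif line.startswith("//", i):
            break
        elif line.startswith("/*", i):
            i, in_block = i + 2, True
        else:
            out.append(line[i])
            i += 1
    return "".join(out), in_block

def find_compound_checks(source, path="<source>"):
    """Return (path, line, method, permission) for each live compound check."""
    findings, in_block = [], False
    for no, line in enumerate(source.splitlines(), 1):
        code, in_block = strip_comments(line, in_block)
        findings += [(path, no, m, p) for m, p in CALL.findall(code) if p in COMPOUND]
    return findings

# Constructed Java input (not Nuxeo source); Perms is a hypothetical holder class.
SAMPLE = """\
checkPermission(dstDoc, WRITE);
checkPermission(srcDoc, WRITE_PROPERTIES);
// :: checkPermission(parentDoc, READ);
/* hasPermission(doc, WRITE);
   checkPermission(doc, READ); */ checkPermission(child, READ);
if (hasPermission(doc.getParent(), Perms.READ) && hasPermission(doc, BROWSE)) {}
"""

if __name__ == "__main__":
    for path, no, method, perm in find_compound_checks(SAMPLE, "Sample.java"):
        print(f"{path}:{no}: {method}(..., {perm})")
```

Unlike a plain grep, this leaves out a commented-out call such as the one reported at line 1471, so the findings are the call sites that still enforce a compound permission.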
