[
http://jira.nuxeo.org/browse/NXP-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olivier Grisel resolved NXP-2427.
---------------------------------
Resolution: Won't Fix
FG said:
I don't agree, the isAdministrator check is not a check for a specific
permission. It's a check for an actual superuser defined as such.
The fact that it has Everything permission on the root is just a side effect.
And not all people having that permission on the root should have
isAdministrator == true.
I would prefer that the UserManager config specify explicitly what logins are
superusers, then these principals automatically have isAdministrator which is
true.
Currently we have:
<userManager>
<defaultAdministratorId>someone</defaultAdministratorId>
</userManager>
This should be changed to allow something like:
<userManager>
<users>
<administrator>someone</administrator>
<administrator>someoneelse</administrator>
</users>
</userManager>
> AbstractSession.isAdministrator() should not rely on hardcoded groupname but
> use the pluggable permission system
> ---------------------------------------------------------------------------------------------------------------
>
> Key: NXP-2427
> URL: http://jira.nuxeo.org/browse/NXP-2427
> Project: Nuxeo Enterprise Platform
> Issue Type: Bug
> Components: Core
> Affects Versions: 5.1.4, 5.2 M1
> Reporter: Olivier Grisel
> Assignee: Olivier Grisel
> Priority: Major
> Fix For: 5.1.5, 5.2 M2
>
> Original Estimate: 2 hours
> Remaining Estimate: 2 hours
>
> AbstractSession implementation sometimes uses an internal method
> isAdministrator() that tests whether the current principal name is
> 'Administrator' or if it belongs to a group with name 'administrators'.
> Performing security checks based on principal names is wrong since principal
> names can come from external sources (such as an LDAP or ActiveDirectory server)
> that we have no control over.
> Instead we should use permission checks that are pluggable thanks to the
> existing extension point.
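To make the two positions in this thread concrete, here is an added example (not Nuxeo code, and not from either commenter) contrasting the name-based check the ticket describes with a check against explicitly configured administrator logins as FG proposes. The Principal class and the configuredAdministrators set are hypothetical stand-ins for Nuxeo's principal and its parsed UserManager config.

```java
import java.util.Set;

/** Hypothetical minimal principal; stands in for Nuxeo's real principal type. */
final class Principal {
    final String name;
    final Set<String> groups;
    Principal(String name, Set<String> groups) { this.name = name; this.groups = groups; }
}

final class AdminCheck {
    // Behaviour the ticket describes: trust the login "Administrator" or membership
    // in a group literally named "administrators". Any external directory (LDAP,
    // Active Directory) that happens to contain such a name grants superuser rights.
    static boolean isAdministratorByName(Principal p) {
        return "Administrator".equals(p.name) || p.groups.contains("administrators");
    }

    // FG's proposal: superusers are exactly the logins listed in the UserManager
    // configuration (<users><administrator>...</administrator></users>), so a name
    // coming from an external directory cannot promote itself. The set is assumed
    // to be the parsed configuration (hypothetical here).
    static boolean isAdministratorConfigured(Principal p, Set<String> configuredAdministrators) {
        return configuredAdministrators.contains(p.name);
    }

    public static void main(String[] args) {
        // Constructed sample principals: an LDAP-synced account whose directory
        // login is "Administrator", a regular user placed in an "administrators"
        // group by the directory, and the login actually configured as superuser.
        Principal ldapNamedAdmin = new Principal("Administrator", Set.of());
        Principal ldapGroupMember = new Principal("alice", Set.of("administrators"));
        Principal configuredAdmin = new Principal("someone", Set.of());
        Set<String> configured = Set.of("someone", "someoneelse");

        // Name-based check: the two directory-sourced principals are treated as
        // superusers purely because of strings the server never chose.
        System.out.println("by name, LDAP login 'Administrator': " + isAdministratorByName(ldapNamedAdmin));
        System.out.println("by name, member of 'administrators': " + isAdministratorByName(ldapGroupMember));

        // Configured check: only logins explicitly listed in the config qualify.
        System.out.println("configured, LDAP login 'Administrator': " + isAdministratorConfigured(ldapNamedAdmin, configured));
        System.out.println("configured, member of 'administrators': " + isAdministratorConfigured(ldapGroupMember, configured));
        System.out.println("configured, listed login 'someone': " + isAdministratorConfigured(configuredAdmin, configured));
    }
}
```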