I think adding ZooDefs.PERMS.ADMIN to ZooDefs.PERMS.ALL makes sense. I bet very few, if any, of the people using OPEN_ACL_UNSAFE did so with the express desire to block calls to setACL().
-Joey On Tue, Jun 16, 2009 at 8:07 PM, Benjamin Reed<br...@yahoo-inc.com> wrote: > We have discovered that there is a bug in ZooDefs.PERMS.ALL: it is missing > ZooDefs.PERMS.ADMIN, thus it isn't really ALL :) The problem is that the C > binding includes ADMIN in ALL, so we have an inconsistency between the two > bindings. We would like to fix this as a bug fix in the next release, but it > does change behavior, so we wanted to run in by the list to get our users' > opinions. > > To understand the behavioral change let me first remind you that the ADMIN > permission is only used with the setACL operation. Normally, developers use > PERMS.ALL indirectly by using ids.OPEN_ACL_UNSAFE. So, doing zk.create(path, > data, Ids.OPEN_ACL_UNSAFE, flags) will create a > znode for which no one will have the ability to change the ACL, ie call > setACL. If we fix this, everyone will be able to change the ACL of the > znode, which corresponds to the behavior of using OPEN_ACL_UNSAFE with the C > binding. > > (Note: nodes that were previously created with OPEN_ACL_UNSAFE or PERMS.ALL, > will not be affected since these are just client side macros.) > > Thoughts? Suggestions? > > thanx > > ben >