some ACL Testcases fail

Tue, 16 Sep 2003 05:38:50 -0700 

Hello,

with our installation of slide 2 some ACL testcases fail

e.g.
ACL\functional\AccessControlMethods\ACLExamples\ACL2UserDenyAllGrantRead.xml

The testcase does the following:

1. creates a collection /test/test
Thread-11, 15-Sep-2003 12:19:20, test2, MKCOL, 201 "Created", 125 ms,
/test/test

2. denies all permission on that collection to user "test"
Thread-12, 15-Sep-2003 12:19:20, test2, ACL, 200 "OK", 187 ms,
/test/test

3. gives all users read permissions on that collection
Thread-13, 15-Sep-2003 12:19:21, test2, ACL, 200 "OK", 63 ms, /test/test

4. tests user access as user "test"
Thread-56, 15-Sep-2003 12:19:21, test, HEAD, 200 "OK", 47 ms, /test/test

cleanup
5. removes all permissions from collection /test (!)
Thread-55, 15-Sep-2003 12:19:21, test2, ACL, 200 "OK", 63 ms, /test/

6. deletes the collection /test/test 
Thread-12, 15-Sep-2003 12:19:21, test2, DELETE, 403 "Forbidden", 47 ms, /test/test

In our configuration the 6th step fails.  This seems to be because all 
permissions which allow user "test2" to do steps 1, 2, 3, and 5 are 
inherited from collection /test.

Why test step 5 removes the permissions from the parent collection?

--------------------

And now an other question concerning this test case:

The first ACL request sets the ACL for the URI /test/test.
The second one does this too -- owerwriting the prevously set ACL.

To test something like ACL2UserDenyAllGrantRead shouldn't be both permissions
be set in one ACL request like:

      <D:acl xmlns:D="DAV:">
         <D:ace>
            <D:principal>
               <D:all></D:all>
            </D:principal>
            <D:grant>
               <D:privilege><D:read /></D:privilege>
            </D:grant>
         </D:ace>

        <D:ace>
            <D:principal>
               <D:href>%globalVariableUserPath%</D:href>
            </D:principal>
            <D:deny>
               <D:privilege><D:all /></D:privilege>
            </D:deny>         
         </D:ace>
      </D:acl>

Regards
Stefan L�tzkendorf


-- 
+--------------------------------------------+
|                                            |
|  Stefan L�tzkendorf                        |
|                                            |
|  Institut f�r Terminologie und             |
|  angewandte Wissensforschung (itaw) GmbH   |
|                                            |
|  Sitz: Am K�llnischen Park 6/7             |
|        D-10179 Berlin                      |
|  Mail: [EMAIL PROTECTED]          |
|  Tel.: ++49 (030) 30 86 20 88              |
|                                            |
+--------------------------------------------+

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to