DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=32352>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32352 Summary: /actions/write granted to owner is insufficient to create a new file Product: Slide Version: 2.1 Platform: PC OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Security AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Reference this thread: http://www.mail-archive.com/[email protected]/msg08922.html Here's the situation: a collection has /actions/write granted to owner but no other principals. The owner of the collection tries to create a new file and is denied. What's happening is Slide is checking for /actions/bind on the parent collection (this passes) but then is checking for /actions/write on the new file (which hasn't been created yet, so it doesn't have an owner property). I see two solutions, but neither are ideal. 1) Store the file, set the owner, do the security check then remove the file if the security check failed. 2) Remove the /actions/write security check. I'm favoring the second option, since /actions/bind on the parent is all that should be required to create a new resource, but I'd really appreciate some additional input on this. -James -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
