[ http://issues.apache.org/jira/brows...243
1491 ]

Ersin Er commented on DIRSERVER-725:
------------------------------------

Fixed for 1.0 here:
http://svn.apache.org/viewvc?rev=438396&view=rev

> Access control permission Import is only meaningful for prescriptive ACI
> ------------------------------------------------------------------------
>
>                 Key: DIRSERVER-725
>                 URL: http://issues.apache.org/jira/browse/DIRSERVER-725
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.0-RC1, 1.0-RC2, pre-1.0, 1.1.0, 1.0-RC3, 1.0-RC4
>            Reporter: Ersin Er
>         Assigned To: Ersin Er
>             Fix For: 1.1.0, 1.0-RC4
>
>
> As stated in X.501 L.4:
> "If granted, allows entries, including all subordinates, to be relocated a
t the designated location in the DIT
> in a ModifyDN operation. Import is only meaningful as prescriptive ACI."
> However our current implementation considers also entry ACIs that includes
 Import permissions.
> Here is a code snippet from our implementation:
> Collection destTuples = new HashSet();
>         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry )
;
>         addEntryAciTuples( destTuples, entry );
>         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
>         engine.checkPermission( proxy, userGroups, userName, principal.get
AuthenticationLevel(), oriChildName, null,
>             null, IMPORT_PERMS, tuples, entry );
> The line
> addEntryAciTuples( destTuples, entry );
> needs to be removed in from the relevant code parts.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://iss
ues.apache.org/ji...nistrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[ Post a follow-up to this message ]