Fedora Repository Project (LEGACY) / FCREPO-1044

modifyObject incorrectly uses the ownerID XACML resource attributeID URI for the new ownerID property supplied by the API method

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: Fedora 3.5
    • Fix Version/s: None
    • Labels:
      None
    • Roadmap Theme:
      Security: Authorization

      Description

      1) Legacy XACML incorrectly uses the resource attribute ID for ownerID for the new ownerID property - it should supply the new ownerID property as a different URI (see for example the way state is handled - different URIs for existing resource state and new resource state).
      2) FeSL does the same

      Note that this bug will only show up if an ownerID value is supplied as a parameter of the modifyObject method - if none is present then the legacy XACML engine will pick up the existing value from the object. FeSL's default configuration is to supply this value using the URI "info:fedora/fedora-system:def/model#ownerId" - which will always give the current (not the new) ownerID.

      This means that modifyObject API operations cannot be restricted by policies based on the existing ownerID of the object, as the value from the request will be used if present instead of the existing object's ownerID.
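The effect described in this report, modelled as an added example (not Fedora or FeSL code, and not part of the original report): a simplified attribute builder and a single current-owner rule stand in for the XACML engine. `NEW_OWNER_ID` is a hypothetical placeholder URI, and the function names and user names are constructed for illustration.

```python
# Minimal model of how resource attributes for modifyObject reach a policy.
OWNER_ID = "info:fedora/fedora-system:def/model#ownerId"  # URI quoted in the report
NEW_OWNER_ID = "urn:example:new-ownerId"  # hypothetical placeholder, not a Fedora URI


def build_attrs_colliding(stored_owner, requested_owner=None):
    """Behaviour in the report: a supplied ownerID parameter is published
    under the existing-owner URI and shadows the value stored on the object."""
    value = requested_owner if requested_owner is not None else stored_owner
    return {OWNER_ID: value}


def build_attrs_separated(stored_owner, requested_owner=None):
    """Suggested behaviour: the stored owner keeps its URI and the requested
    owner travels under a different one, as is done for state."""
    attrs = {OWNER_ID: stored_owner}
    if requested_owner is not None:
        attrs[NEW_OWNER_ID] = requested_owner
    return attrs


def current_owner_policy(subject, attrs):
    """Permit modifyObject only when the subject is the object's current owner."""
    return "Permit" if attrs.get(OWNER_ID) == subject else "Deny"


def evaluate(builder, subject, stored_owner, requested_owner=None):
    return current_owner_policy(subject, builder(stored_owner, requested_owner))


def decision_depends_on_request(builder, subject, stored_owner, candidates):
    """Regression check: a rule on the current owner must give the same
    decision whatever ownerID parameter accompanies the request."""
    baseline = evaluate(builder, subject, stored_owner)
    return any(evaluate(builder, subject, stored_owner, c) != baseline
               for c in candidates)


if __name__ == "__main__":
    # Constructed case: the object is owned by "alice", the caller is "bob".
    for builder in (build_attrs_colliding, build_attrs_separated):
        print(builder.__name__,
              "no parameter:", evaluate(builder, "bob", "alice"),
              "| ownerID=bob:", evaluate(builder, "bob", "alice", "bob"),
              "| varies with request:",
              decision_depends_on_request(builder, "bob", "alice", ["bob", "carol"]))
```

The same check can be pointed at a real attribute finder in an integration test: evaluate an existing-owner policy with and without the ownerID parameter and require identical decisions.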

            People

            Assignee:
            penthes Stephen Bayliss
            Reporter:
            penthes Stephen Bayliss