Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Fedora 4.4.0
    • Fix Version/s: Fedora 4.5.0
    • Component/s: None
    • Labels:
    • Sprint:
      Sprint 2015 - 12

      Description

      This task is to resolve the following issue where a non-admin user is unable to PUT or POST a new resource... regardless of the ACL in effect.

      To replicate:
      # Create resource
      curl -i -ufedoraAdmin:secret3 -XPUT localhost:8080/fcrepo/rest/test

      # Create an ACL
      curl -i -ufedoraAdmin:secret3 -XPUT localhost:8080/fcrepo/rest/acls
      curl -i -ufedoraAdmin:secret3 -XPUT localhost:8080/fcrepo/rest/acls/acl

      curl -i -ufedoraAdmin:secret3 -XPUT -H"Content-Type: text/turtle" --data-binary @auth.ttl localhost:8080/fcrepo/rest/acls/acl/auth
      ** where auth.ttl is:
      ==============
      @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
      @prefix acl: <http://www.w3.org/ns/auth/acl#> .
      @prefix foaf: <http://xmlns.com/foaf/0.1/> .
      @prefix fedora: <http://fedora.info/definitions/v4/repository#> .

      <> a acl:Authorization ;
         acl:agent "adminuser" ;
         acl:mode acl:Write, acl:Read ;
         acl:accessTo <http://localhost:8080/fcrepo/rest/test> .
      ==============

      # Associate ACL with test resource
      curl -i -ufedoraAdmin:secret3 -H"Content-Type: application/sparql-update" --data-binary @link.su -XPATCH localhost:8080/fcrepo/rest/test
      ** where link.su is:
      ==============
      PREFIX acl: <http://www.w3.org/ns/auth/acl#>

      INSERT {
        <> acl:accessControl <http://localhost:8080/fcrepo/rest/acls/acl>
      } WHERE {}
      ==============

      # Verify READ protection:
      curl -i -uadminuser:password2 localhost:8080/fcrepo/rest/test
      >> 200
      curl -i -utestuser:password1 localhost:8080/fcrepo/rest/test
      >> 403

      # Verify WRITE protection:
      curl -i -uadminuser:password2 -XPUT localhost:8080/fcrepo/rest/test/child
      >> 404 ??
      curl -i -uadminuser:password2 -XPOST localhost:8080/fcrepo/rest/test/child
      >> 404 ??

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                acoburn Aaron Coburn
                Reporter:
                awoods Andrew Woods
                Reviewer:
                Andrew Woods
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: