Uploaded image for project: 'Fedora Repository Project'
  1. Fedora Repository Project
  2. FCREPO-1809

webac: PUT/POST failure for non-admins

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Fedora 4.4.0
    • Fix Version/s: Fedora 4.5.0
    • Component/s: None
    • Labels:
    • Sprint:
      Sprint 2015 - 12

      Description

      This task is to resolve the following issue where a non-admin user is unable to PUT or POST a new resource... regardless of the ACL in effect.

      To replicate:

      1. Create resource
        curl -i -ufedoraAdmin:secret3 -XPUT localhost:8080/fcrepo/rest/test
      1. Create an ACL
        curl -i -ufedoraAdmin:secret3 -XPUT localhost:8080/fcrepo/rest/acls
        curl -i -ufedoraAdmin:secret3 -XPUT localhost:8080/fcrepo/rest/acls/acl

      curl -i -ufedoraAdmin:secret3 -XPUT -H"Content-Type: text/turtle" --data-binary @auth.ttl localhost:8080/fcrepo/rest/acls/acl/auth

      <> a acl:Authorization ;
      acl:agent "adminuser" ;
      acl:mode acl:Write, acl:Read ;
      acl:accessTo <http://localhost:8080/fcrepo/rest/test> .
      ==============

      1. Associate ACL with test resource
        curl -i -ufedoraAdmin:secret3 -H"Content-Type: application/sparql-update" --data-binary @link.su -XPATCH localhost:8080/fcrepo/rest/test

      INSERT

      { <> acl:accessControl <http://localhost:8080/fcrepo/rest/acls/acl> }

      WHERE {}
      ==============

      1. Verify READ protection:
        curl -i -uadminuser:password2 localhost:8080/fcrepo/rest/test
        >> 200
        curl -i -utestuser:password1 localhost:8080/fcrepo/rest/test
        >> 403
      1. Verify WRITE protection:
        curl -i -uadminuser:password2 -XPUT localhost:8080/fcrepo/rest/test/child
        >> 404 ??
        curl -i -uadminuser:password2 -XPOST localhost:8080/fcrepo/rest/test/child
        >> 404 ??

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                unknown Unknown
                Reporter:
                awoods Andrew Woods
                Reviewer:
                Andrew Woods
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: