SEC-172: Allow SimpleAclEntry to take 'null' as recipient constructor argument #434

Closed
spring-issuemaster opened this issue Feb 6, 2006 · 6 comments

@spring-issuemaster spring-issuemaster commented Feb 6, 2006

Mikko Peltonen (Migrated from SEC-172) said:

If I want to add only parent acl_object_identity link to a domain object, without creating any real acl entries so that I’m effectively inheriting all ACLs, I can do that by calling JdbcExtendedDaoImpl.create method with ‘null’ recipient.

However you can’t pass null recipient to SimpleAclEntry’s constructor because AbstractAclEntry’s constructor asserts that recipient is not null. You can work around that by constructing SimpleAclEntry with "" recipient and then calling setRecipient(null), which works.

Is there any reason not to allow ‘null’ for recipient constructor argument, for saving a line of code? Or is there some other way of creating just acl_object_identity and parent link without ACLs?

@spring-issuemaster spring-issuemaster commented Feb 7, 2006

Ben Alex said:

The BasicAclEntry interface defines the contract, which expressly states that getRecipient() should never return null. An issue is JdbcExtendedDaoImpl relies on getRecipient() being null to not create an acl_permission row. We can’t use a mask of zero, either, as that has meaning in terms of revoking permissions. Need to give this more thought.

@spring-issuemaster spring-issuemaster commented Feb 8, 2006

Mikko Peltonen said:

What about using a negative mask for this purpose?

@spring-issuemaster spring-issuemaster commented Feb 9, 2006

Mikko Peltonen said:

And more suggestions… couldn’t we just add a new method for this purpose to BasicAclExtendedDao, something like:

createIdentity(AclObjectIdentity aclObjectIdentity, AclObjectIdentity parentObjectIdentity);

@spring-issuemaster spring-issuemaster commented Feb 16, 2006

Mikko Peltonen said:

Because of the inheritance stuff, I think we need separate creation/deletion methods for the ACL Identities, in addition to AclEntries.

Currently, I have a use case where I should be able to delete all ACL entries from a domain object, but NOT the AclObjectIdentity because domain object has child identity. Current contract of the BasicAclExtendedDao.delete deletes both all AclEntries AND the AclObjectIdentity, which is not acceptable in this case.

@spring-issuemaster spring-issuemaster commented May 22, 2006

Ben Alex said:

Due to SEC-239 refactoring of the ACL package – which includes negating permissions – this task won’t be completed.
