[Yanel-dev] Bug 5130 - Implement disabling of inheritance within a policy

Paloma Gomez paloma.gomez at wyona.com
Fri Mar 30 16:55:59 CEST 2007


Hi all,

In order to prevent to make permission="true" mean "do apply inheritance"
I think we should make the following changes to attachment 492:

There are two if clauses in the patch (see line 80).

The first one checks if there is a permission attribute for the given
role. If there is such an attribute, it then checks its value. If it is
false, it denies access and if it is true, it grants access.

The same applies to the next if clause, but in this case it checks if
there is a permission attribute for the policy tag. Again, if there is
such an attribute, the same tests and actions are applied.

So I suggest changing it from:

Original code
-----------------------------------------------
+                    if(defaultRolePermission != null){
+                	if (defaultRolePermission.equals("true")) {
+                            log.debug("Policy inheritance disabled for
role:" + roleName + ". Access granted: " + path);
+                            return true;
+                        } else {
+                            log.debug("Policy inheritance disabled for
role:" + roleName + ". Access denied: "+ path);
+                            return false;
+                        }
+                    }
                 }
             }
+            if(defaultPermission != null){
+        	if (defaultPermission.equals("true")) {
+                    log.debug("Policy inheritance disabled. Access
granted: " + path);
+                    return true;
+                } else {
+                    log.debug("Policy inheritance disabled. Access
denied: "+ path);
+                    return false;
+                }
+            }
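Review bot: In both `equals("true")` branches, `return true` grants access as soon as the attribute is present, so the attribute acts as an allow-all switch rather than only a way to stop inheritance. Returning only on the deny case and letting any other value fall through to the existing checks would keep the decision fail-closed. The debug text "Policy inheritance disabled" is also emitted on the grant path, which makes the two outcomes hard to tell apart when auditing logs. The comparison is an exact, case-sensitive match, so values such as "True" end up in the `else` branch and deny without any hint; normalising the value or logging unrecognised values at warn level would help. Lines 2 and 15 of the hunk mix tabs and spaces.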
------------------------------------------------------------------------

to

New code:
-------------------------------------------------------------------------
if(defaultRolePermission != null){
    if (defaultRolePermission.equals("false")) {
        log.debug("Policy inheritance disabled for role:" + roleName + ". Access denied: "+ path);
        return false;
    }
}

[...]

if(defaultPermission != null){
    if (defaultPermission.equals("false")) {
        log.debug("Policy inheritance disabled. Access denied: "+ path);
        return false;
    }
}
-------------------------------------------------------------------------


HTH,

Paloma


