[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Some potential error in RoleDAO

To: openldap-fortress@openldap.org
Subject: Re: Some potential error in RoleDAO
From: Shawn McKinney <shawn.mckinney@jts.us>
Date: Thu, 04 Jul 2013 23:35:58 -0500
In-reply-to: <51D5FE2F.8080801@gmail.com>
References: <51D5FE2F.8080801@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130623 Thunderbird/17.0.7

On 07/04/2013 05:58 PM, Emmanuel LÃcharny wrote:

I'm not 100% sure, bt it seems that the update() method in RoleDAO is
not correct :

     public final Role update( Role entity )
         throws UpdateException
     {
         ...
         try
         {
             ...
             if ( VUtil.isNotNullOrEmpty( entity.getOccupants() ) )
             {
                 for ( String name : entity.getOccupants() )
                 {
                     LDAPAttribute occupant = new LDAPAttribute(
ROLE_OCCUPANT, name );
                     mods.add( LDAPModification.REPLACE, occupant );
                 }

Here, I think that the ROLE_OCCUPENT Attribute will only contain the
last name, when it should contain all the names.

Thoughts ?

This code will update the role occupant with the correct value of theuser's dn. But we don't want to update this attribute here, rather itshould only be updated in assign/deassign methods. The reason is assignenforces static separation of duty constraints where doesn't.


Have created a ticket and removed code from the method.

FC-51 - RoleDAO update should not update role occupants

--
shawn.mckinney@jts.us is my new email address

References:
- Some potential error in RoleDAO
  - From: Emmanuel LÃcharny <elecharny@gmail.com>

Prev by Date: Re: Doubt about a method...
Next by Date: Is the INHERITANCE_COL value useful ?
Index(es):
- Chronological
- Thread