Issue Details (XML | Word | Printable)

Key: SAK-11921
Type: Bug Bug
Status: Open Open
Priority: Major Major
Assignee: Unassigned
Reporter: casey dunn
Votes: 0
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Sakai

Orphaned Realms in XML expressions of ACL

Created: 12-Oct-2007 14:41   Updated: 20-Jan-2010 08:28
Component/s: Announcements, Authz service (Pre-K1/2.6), Content service (Pre-K1/2.6), Schedule, Section Info
Affects Version/s: 2.4.0, 2.4.1
Fix Version/s: None

Time Tracking:
Not Specified

Issue Links:
Relate
 

2.6.x Status: None
2.5.x Status: None
2.4.x Status: None


 Description  « Hide
If SAK-11320 is triggered Tools using XML based storage will retain the now orphaned Realms.

Site members are then denied access to Section constrained Tool entities. This is because the XML embedded ACL is bound to a Realm which is no longer used in the Site.

Our investigations at Stanford w/2.4.x find that this encompasses Section aware -
  Content
  Schedule
  Announcements

This can be duplicated in the Sakai UI by

 1) creating a site
 2) creating Sections
 3) creating a folder in Resource/Content tool
 4) constraining access to the folder to one of your Sections
 5) trigger a SiteService.save(s)
  5.1) One way is in Section Info - toggle the management from whatever it is, to the opposite, and back.
 6) go to the content tool and you'll see that the access constraint is gone. Look carefully - the sections are still listed, but they are based on the new Realm.
 7) attempt to access the restricted content as one of your section members.

 All   Comments   Work Log   Change History   Subversion Commits   git Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
casey dunn added a comment - 26-Mar-2008 15:04
Hmm, I wonder if there is a Realm Advisor?

as each realm was updated / disconnected the RA for each Section Aware tool could do a clean up, and strip the now less useful ACL.

but it'll be almost impossible to know what the replacement is.

[ Permlink | « Hide ]
Ian Boston added a comment - 29-Jan-2009 02:28
I am unassigning this issue as it gives the wrong impression. I dont have enough hours in the day to look at this issue at the moment and keeping it assigned to me give the reporter hope that I might be able to look at it. I am very sorry. If this issue is a real blocker for production then I would suggest you look for resource in the community to fix the problem, I am happy to respond to emails and guide. Where the code base is Rwiki or Search, I have absolutely no problem with someone else working on the code, this after all is a community.


Powered by a free Atlassian JIRA open source license for Sakai Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators