Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: DAViCal: General

wrong privileges on collection with multiple groups

 

 

DAViCal general RSS feed   Index | Next | Previous | View Threaded


pgadmin at pse-consulting

Apr 4, 2012, 12:55 AM

Post #1 of 1 (226 views)
Permalink
wrong privileges on collection with multiple groups

When a user has different privileges on a collection due to membership
in several groups, the sql function path_privs might not get the correct
resulting privileges. This happens because the query

SELECT privileges
INTO out_conferred
FROM grants
WHERE by_collection = grantor_collection
AND (to_principal=in_accessor OR to_principal
IN (SELECT expand_memberships(in_accessor,in_depth)));

can deliver more than one row in this case, and it's quite arbitrary
whether the highest privilege is first or not. The correct solution is
probably to or-aggregate all bits to obtain all privileges over all
groups the user is member in:

SELECT bit_or(privileges)
INTO out_conferred
FROM grants
WHERE by_collection = grantor_collection
AND (to_principal=in_accessor OR to_principal
IN (SELECT expand_memberships(in_accessor,in_depth)));

Please cc me because I'm off-list.

Regards,
Andreas

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Davical-general mailing list
Davical-general [at] lists
https://lists.sourceforge.net/lists/listinfo/davical-general

DAViCal general RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.