Bug 245830

Summary: Get Effective Rights Control slightly broken
Product: Red Hat Directory Server Reporter: Bob Lord <blord>
Component: Security - Access Control (ACL)Assignee: Rich Megginson <rmeggins>
Status: CLOSED DUPLICATE QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: medium    
Version: 8.0CC: benl, nhosoi, nkinder
Target Milestone: DS8.1   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-12-02 18:23:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 249650    

Description Pete Rowley 2007-06-26 21:48:16 UTC 
Description of problem:
The get effective rights control returns access control status for attributes
existing in an entry. However this means that access control status cannot be
determined for attribute types that are allowed but not present on an entry, so
for example, a gui interface cannot predetermine if a user is allowed to add the
first value for an attribute and therefore should display the field for
modification. This would be a nice thing for freeIPA.

Version-Release number of selected component (if applicable):


How reproducible:

always

Steps to Reproduce:
1. use effective rights control
2.
3.
  
Actual results:

no mention of allowed but not existing attributes

Expected results:

The ability to get ionformation on these attribute types - possibly by way of a
flag for the control.

Additional info:
Comment 4 Rich Megginson 2008-12-02 17:27:02 UTC 
This has been fixed, correct?
Comment 5 Noriko Hosoi 2008-12-02 18:05:25 UTC 
(In reply to comment #4)
> This has been fixed, correct?

Yes, one of these cases on the wiki page should cover the RFE, I think.
2-2. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of the user given attribute list, which do not exist in the entries. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search. 

2-3. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of all the available attributes associated with the entry's objectclasses, which values may or may not exist. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search.

http://directory.fedoraproject.org/wiki/Get_Effective_Rights_for_non-present_attributes#2._Cases_newly_supported

This is the bug I used to work on GER enhancement.
 Bug 437525 -  GER: allow GER for non-existing entries

Can we mark this bug as Duplicate of 437525?
Comment 6 Rich Megginson 2008-12-02 18:23:25 UTC 

*** This bug has been marked as a duplicate of bug 437525 ***