Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Orphaned Realms in XML expressions of ACL

Description

If is triggered Tools using XML based storage will retain the now orphaned Realms.

Site members are then denied access to Section constrained Tool entities. This is because the XML embedded ACL is bound to a Realm which is no longer used in the Site.

Our investigations at Stanford w/2.4.x find that this encompasses Section aware -
Content
Schedule
Announcements

This can be duplicated in the Sakai UI by

1) creating a site
2) creating Sections
3) creating a folder in Resource/Content tool
4) constraining access to the folder to one of your Sections
5) trigger a SiteService.save(s)
5.1) One way is in Section Info - toggle the management from whatever it is, to the opposite, and back.
6) go to the content tool and you'll see that the access constraint is gone. Look carefully - the sections are still listed, but they are based on the new Realm.
7) attempt to access the restricted content as one of your section members.

Activity

Aaron Zeckoski August 22, 2013 at 9:57 AM

Edge case so we are killing this as no resources

Ian Boston January 29, 2009 at 2:28 AM

I am unassigning this issue as it gives the wrong impression. I dont have enough hours in the day to look at this issue at the moment and keeping it assigned to me give the reporter hope that I might be able to look at it. I am very sorry. If this issue is a real blocker for production then I would suggest you look for resource in the community to fix the problem, I am happy to respond to emails and guide. Where the code base is Rwiki or Search, I have absolutely no problem with someone else working on the code, this after all is a community.

Casey Dunn March 26, 2008 at 3:04 PM

Hmm, I wonder if there is a Realm Advisor?

as each realm was updated / disconnected the RA for each Section Aware tool could do a clean up, and strip the now less useful ACL.

but it'll be almost impossible to know what the replacement is.

No Resources

Details

Priority

Affects versions

Fix versions

Components

Assignee

Reporter

Created October 12, 2007 at 2:41 PM
Updated September 16, 2013 at 1:34 PM
Resolved August 22, 2013 at 9:57 AM