Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-7483

Inconsistent access criteria for CIFS vs. WebDav w.r.t. ancestor access permissions

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 3.4.3
    • Fix Version/s: None
    • Component/s: CIFS, JLAN
    • Labels:
      None

      Description

      [Problem]

      Users are not able to access contents of folders where they do not have permissions to access all folders preceding them in their path via CIFS. Via WebDav users are able to access folders they have permissions for regardless of permissions on parent folders.

      [Details]

      To demonstrate:
      Create nested folders Company Home/L1/L2/L3/L4
      Remove permission inheritance on L2 so that no users are explicitly allowed access
      Grant access to a user 'test' on folder L4

      Via CIFS direct access to L4 will not be possible as tested in Windows 7 and OSX 10.7:
      \\<host>\Alfresco\L1\L2\L3\L4\

      Via WebDav Access to L4 will be granted but attempting to access the parent folder results in a permission error:
      http://test:test@<host>:8080/alfresco/webdav/L1/L2/L3/L4/

      [Expected Result]

      Permission behavior consistent between access methods.

      [Actual Result]

      Permission behavior not consistent between access methods.

      [Additional Info]

      This could be the result of the CIFS protocol specification specifying that permissions on each path component must be checked although to my knowledge this is not the case.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                closedissues Closed Issues
                Reporter:
                jcohorn jcohorn
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: