Re: [Handle-info] CNRI Web Admin application: handle permissions are not observed
The REST API generally uses a Handle call which replaces the entire handle record. That call is authorized by "ADD_ADMIN" permission.
In v8, you can access the same call in the hdl-admintool Java GUI client using "Replace Mode". Otherwise, the hdl-admintool uses different calls that affect only one value at a time, each of which is authorized separately.
This is something we might reconsider. Do you have a use case for a user to add but not remove HS_ADMIN values? (Even though, in principle, such a user could give the user's own identity the extra permission to remove them?)
Robert
> On Feb 19, 2016, at 6:07 PM, Evguenia Krylova <evguenia.krylova@wisc.edu> wrote:
>
> I have to add that Java client does not allow deleting or modifying admin values for this handle.
>
> Ev
>
>
> From: handle-info-bounces@cnri.reston.va.us <handle-info-bounces@cnri.reston.va.us> on behalf of Evguenia Krylova <evguenia.krylova@wisc.edu>
> Sent: Friday, February 19, 2016 4:48 PM
> To: handle-info@cnri.reston.va.us
> Subject: [Handle-info] CNRI Web Admin application: handle permissions are not observed
>
> I am testing CNRI Web Admin tool and have come across something that does not make sense to me.
>
> I have a handle 1712/evtest that can be managed by 200:1712/dladmins_test
> handle with the following permissions: 011001110011. These are listed as
> read, add, modify, delete value, list handle and add admin.
> Index 200 contains vlist with 200:1712/dladmins_test handle in it (see the data below).
> The permissions do not include modify or delete admin, yet when
> authenticated as 310:1712/batchuser, I can modify and delete admin values and save the handle.
> This does not look right to me.
>
> Ev
>
> 1712/dladmins_test:
> ------------------
> {
> "responseCode": 1,
> "handle": "1712/dladmins_test",
> "values": [
> {
> "index": 200,
> "type": "HS_VLIST",
> "data": {
> "format": "vlist",
> "value": [
> {
> "handle": "1711/ltg",
> "index": 200
> },
> {
> "handle": "1712/batchuser",
> "index": 310
> }
> ]
> },
> "ttl": 60,
> "timestamp": "2016-02-19T22:09:13Z"
> },
> {
> "index": 100,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "0.NA/1711",
> "index": 200,
> "permissions": "111111111111",
> "legacyByteLength": true
> }
> },
> "ttl": 60,
> "timestamp": "2016-02-11T20:19:19Z"
> },
> {
> "index": 103,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "0.NA/1711",
> "index": 300,
> "permissions": "111111111111",
> "legacyByteLength": true
> }
> },
> "ttl": 86401,
> "timestamp": "2016-02-11T20:19:19Z"
> },
> {
> "index": 2,
> "type": "NAME",
> "data": {
> "format": "string",
> "value": "Digital Library Handle Administrators"
> },
> "ttl": 86400,
> "timestamp": "2016-02-11T20:19:19Z"
> },
> {
> "index": 101,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "1711/ltg",
> "index": 200,
> "permissions": "111111111111",
> "legacyByteLength": true
> }
> },
> "ttl": 86400,
> "timestamp": "2016-02-11T20:19:19Z"
> }
> ]
> }
>
>
> 1712/batchuser:
> --------------
> {
> "responseCode": 1,
> "handle": "1712/batchuser",
> "values": [
> {
> "index": 1,
> "type": "NAME",
> "data": {
> "format": "string",
> "value": "Batch user for 1712"
> },
> "ttl": 86400,
> "timestamp": "2016-02-19T22:12:40Z"
> },
> {
> "index": 101,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "1711/ltg",
> "index": 200,
> "permissions": "111111111111"
> }
> },
> "ttl": 86400,
> "timestamp": "2016-02-19T22:06:56Z"
> },
> {
> "index": 100,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "0.NA/1712",
> "index": 200,
> "permissions": "111111111111"
> }
> },
> "ttl": 86400,
> "timestamp": "2016-02-19T22:06:56Z"
> }
> ]
> }
>
>
> 1712/evtest:
> -----------------------
> {
> "responseCode": 1,
> "handle": "1712/evtest",
> "values": [
> {
> "index": 100,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "0.NA/1712",
> "index": 200,
> "permissions": "111111111111"
> }
> },
> "ttl": 86400,
> "timestamp": "2016-02-19T22:05:11Z"
> },
> {
> "index": 2,
> "type": "NAME",
> "data": {
> "format": "string",
> "value": "test handle for Ev"
> },
> "ttl": 86400,
> "timestamp": "2016-02-19T22:23:59Z"
> },
> {
> "index": 102,
> "type": "HS_ADMIN",
> "data": {
> "format": "admin",
> "value": {
> "handle": "1712/dladmins_test",
> "index": 200,
> "permissions": "011001110011"
> }
> },
> "ttl": 86400,
> "timestamp": "2016-02-19T22:28:55Z"
> }
> ]
> }
>
>
> _______________________________________________
> Handle-Info mailing list
> Handle-Info@cnri.reston.va.us
> http://www.handle.net/mailman/listinfo/handle-info
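The gap discussed in this thread, as an added example that is not part of the original messages or CNRI's code: a whole-record replace is authorized by one permission, while the same change expressed as per-value operations needs several. The sketch diffs a current record against its replacement and reports the per-value permissions the caller lacked; the permission names, function names and the simplified record shape are assumptions made for illustration.

```python
# Added illustration. Permission names ("add_admin", "modify_admin", ...) are
# hypothetical labels, not identifiers from the Handle software.

def _kind(value):
    # HS_ADMIN values are governed by the *_admin permissions, the rest by *_value.
    return "admin" if value["type"] == "HS_ADMIN" else "value"

def required_permissions(old_values, new_values):
    """Per-value permissions that replacing old_values with new_values implies."""
    old = {v["index"]: v for v in old_values}
    new = {v["index"]: v for v in new_values}
    needed = set()
    for idx in sorted(old.keys() | new.keys()):
        before, after = old.get(idx), new.get(idx)
        if before == after:
            continue                                  # untouched value
        if before and after and _kind(before) == _kind(after):
            needed.add("modify_" + _kind(after))      # same slot, changed content
            continue
        if before:
            needed.add("remove_" + _kind(before))     # value dropped or retyped
        if after:
            needed.add("add_" + _kind(after))         # value introduced or retyped
    return needed

def audit_replace(granted, old_values, new_values):
    """Permissions a replace request exercised that the caller does not hold."""
    return required_permissions(old_values, new_values) - set(granted)

# Constructed sample, simplified from the 1712/evtest record quoted above.
CURRENT = [
    {"index": 100, "type": "HS_ADMIN", "data": {"handle": "0.NA/1712", "index": 200}},
    {"index": 2, "type": "NAME", "data": "test handle for Ev"},
    {"index": 102, "type": "HS_ADMIN", "data": {"handle": "1712/dladmins_test", "index": 200}},
]
# Constructed replacement: the value at index 100 is gone, the one at 102 is edited.
REPLACEMENT = [
    {"index": 2, "type": "NAME", "data": "test handle for Ev"},
    {"index": 102, "type": "HS_ADMIN", "data": {"handle": "1712/dladmins_test", "index": 300}},
]
# The permissions the original poster lists for 200:1712/dladmins_test.
GRANTED = {"read_value", "add_value", "modify_value", "remove_value",
           "list_handles", "add_admin"}

if __name__ == "__main__":
    print(sorted(audit_replace(GRANTED, CURRENT, REPLACEMENT)))
```

Run against logged replace requests, a non-empty result marks a change that the per-value calls would have refused for that caller.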