-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access Has No User Credentials #71
Comments
The Subject is taken credentials of issued RPC request. However, we can update access method to accept a subject as well, if you have a good reason to have it. |
I believe its required to have access to the caller's RPC credentials, otherwise, how would you know which part of the object's mode (user, group or other) to apply to requested access flags? We actually have a fork where we are doing that currently. Effectively, we added Subject to the VirtualFileSystem interface for access and then extracted it out of the call via However, how would you like to handle backwards compatibility? Make Subject an Optional? I'd hate to break compatibility for people. |
The one options would be to add a new method and deprecate the old one. After two major releases the deprecated one can be deleted, somewhere around 0.21.x. |
Access method should check against the caller's RPC credentials. Addresses dCache#71.
Access method should check against the caller's RPC credentials. Addresses dCache#71.
Access method should check against the caller's RPC credentials. Addresses dCache#71. Signed-off-by: Adam Marcionek <[email protected]>
Access method should check against the caller's RPC credentials. Addresses dCache#71. Signed-off-by: Adam Marcionek <[email protected]>
According to both the V3 and V4 RFCs, the function
access()
is supposed to check the requested permissions against the permissions on the object considering the user in the request. The current definition of access inVirtualFileSystem
does not have any user (Subject?) Is this intentional?The text was updated successfully, but these errors were encountered: