Comment 17 for bug 1430645

Thiago da Silva (thiagodasilva) wrote : Re: [Bug 1430645] Re: unauthorized delete from container with x-version-location

On Fri, 2015-03-13 at 16:16 +0000, Christian Schwede wrote:
> I'm adding part of the review for the versioned write refactoring patch
> here to keep it private for now.
>
> Thiago, thanks for updating the patch (
> https://review.openstack.org/#/c/134347). I have one question: in
> https://review.openstack.org/#/c/134347/25/test/functional/tests.py line
> 2738 ff. we should ensure that none of the versioned objects themselves is
> deleted (because account2 has no write permission there). So account2
> might be able to delete the original object (which needs to be discussed
> if there is no write access to the version container), but the test
> needs to ensure nothing is deleted in the version container. Or am I
> wrong?
>
Yes, this is correct. I'm adding a test to make sure account2 cannot
delete a previous version of the object (i.e., directly on the versioned
container), but is able to delete the latest object from the "source"
container, because he has write access to it.
In addition, I also added a third user with no access whatsoever to test
deleting from either container.