Open carrgilson opened 8 years ago
Thanks! That sounds like a bug, I'll give that a unit test
On 07/21/2016 12:26 PM, Adam Carrgilson wrote:
In a setup where the iRODS server [4.1.8] is configured with the STRICT ACL policy, if a file does not have that user explicitly listed in the ACL (i.e. not as a member of a group), the file will not download and will instead provide this error message:
```
{"error":{"cause":null,"class":"java.io.FileNotFoundException","localizedMessage":"no access to the file","message":"no access to the file","stackTrace":[{"class":"java.lang.StackTraceElement","className":"org.irods.jargon.idrop.web.services.FileService","fileName":"FileService.groovy","lineNumber":124,"methodName":"obtainInputStreamForDownloadSingleFile","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"org.irods.jargon.idrop.web.controllers.DownloadController","fileName":"DownloadController.groovy","lineNumber":43,"methodName":"show","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"grails.plugin.cache.web.filter.PageFragmentCachingFilter","fileName":"PageFragmentCachingFilter.java","lineNumber":198,"methodName":"doFilter","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"grails.plugin.cache.web.filter.AbstractFilter","fileName":"AbstractFilter.java","lineNumber":63,"methodName":"doFilter","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"com.brandseye.cors.CorsFilter","fileName":"CorsFilter.java","lineNumber":82,"methodName":"doFilter","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"java.util.concurrent.ThreadPoolExecutor","fileName":"ThreadPoolExecutor.java","lineNumber":1142,"methodName":"runWorker","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"java.util.concurrent.ThreadPoolExecutor$Worker","fileName":"ThreadPoolExecutor.java","lineNumber":617,"methodName":"run","nativeMethod":false},{"class":"java.lang.StackTraceElement","className":"java.lang.Thread","fileName":"Thread.java","lineNumber":745,"methodName":"run","nativeMethod":false}],"suppressed":[]}}
```

Users are able to view information on data objects as expected while having permissions through group membership but cannot download the data object unless they are explicitly listed in the ACL.
For example: This file can be downloaded by usera:
```
$ ils -A file.jpg
  /tempZone/home/usera/file.jpg
        ACL - usera#tempZone:own
```
While this file can be listed by usera but errors when download is attempted:
```
$ ils -A file.jpg
  /tempZone/home/usera/file.jpg
        ACL - public#tempZone:read object
```
This may be down in jargon....it does a pre-check before allowing download.
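The difference between the two listings in the report, as an added example that is not code from this thread, from jargon, or from the cloud browser: a small model of a download pre-check that honours only an ACL entry naming the user, beside one that also resolves group grants. The function names and the assumption that usera is a member of `public` are illustrative.

```python
import re

# Permission levels as printed by `ils -A`, weakest to strongest.
LEVELS = {"null": 0, "read object": 1, "modify object": 2, "own": 3}
ACL_ENTRY = re.compile(
    r"(?P<name>[^\s#]+)#(?P<zone>\S+?):(?P<level>read object|modify object|own|null)")

def parse_acl(ils_output):
    """Return {(name, zone): level} from the 'ACL - ...' lines of `ils -A` output."""
    acl = {}
    for line in ils_output.splitlines():
        if line.strip().startswith("ACL -"):
            for m in ACL_ENTRY.finditer(line):
                acl[(m["name"], m["zone"])] = m["level"]
    return acl

def explicit_only(acl, user, zone, needed="read object"):
    """Pre-check that honours only an entry naming the user (the reported behaviour)."""
    return LEVELS[acl.get((user, zone), "null")] >= LEVELS[needed]

def group_aware(acl, user, zone, groups, needed="read object"):
    """Pre-check that takes the strongest level granted to the user or any of their groups."""
    principals = {user} | set(groups)
    best = max((LEVELS[level] for (name, z), level in acl.items()
                if z == zone and name in principals), default=0)
    return best >= LEVELS[needed]

# The two listings from the report, laid out as `ils -A` prints them.
OWN_LISTING = """/tempZone/home/usera/file.jpg
        ACL - usera#tempZone:own"""
GROUP_LISTING = """/tempZone/home/usera/file.jpg
        ACL - public#tempZone:read object"""
USERA_GROUPS = ["public"]  # assumed group membership for usera

def compare(listing, user="usera", zone="tempZone", groups=USERA_GROUPS):
    """Return (explicit_only result, group_aware result) for one listing."""
    acl = parse_acl(listing)
    return explicit_only(acl, user, zone), group_aware(acl, user, zone, groups)

if __name__ == "__main__":
    for label, listing in (("explicit own", OWN_LISTING), ("group read", GROUP_LISTING)):
        print(label, compare(listing))
```

A regression test for the fix would assert the group-aware result for the second listing while confirming that a user outside the group is still refused.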