From 394da7925c4cd8f24928aa475eb7f9d487a068b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn?=
Date: Fri, 30 Dec 2011 21:35:51 +0100
Subject: [PATCH] Better management of new object creation requests The ACLs associated to the objects are not created if the object doesn't have a oid
---
 src/acl/AclManager.cc | 133 ++++++++++++++++++++-------------------
 src/authm/AuthManager.cc | 2 -
 2 files changed, 68 insertions(+), 67 deletions(-)
diff --git a/src/acl/AclManager.cc b/src/acl/AclManager.cc
index d8e6b157c4..c0a932bec3 100644
--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@@ -188,75 +188,78 @@ const bool AclManager::authorize( // --------------------------------------------------- // Create temporary rules from the object permissions // --------------------------------------------------- - multimap tmp_rules; - long long perm_user, perm_resource, perm_rights; - AclRule * tmp_rule; - perm_resource = obj_type | AclRule::INDIVIDUAL_ID | obj_perms.oid; - - // Rule "#uid ob_type/#oid user_rights" - perm_user = AclRule::INDIVIDUAL_ID | obj_perms.uid; - perm_rights = 0; - if ( obj_perms.owner_u == 1 ) + if ( obj_perms.oid >= 0 ) // If oid is -1, this is a new obj. creation { - perm_rights = perm_rights | AuthRequest::USE; + long long perm_user, perm_resource, perm_rights; + AclRule * tmp_rule; + + perm_resource = obj_type | AclRule::INDIVIDUAL_ID | obj_perms.oid; + + // Rule "#uid ob_type/#oid user_rights" + + perm_user = AclRule::INDIVIDUAL_ID | obj_perms.uid; + perm_rights = 0; + if ( obj_perms.owner_u == 1 ) + { + perm_rights = perm_rights | AuthRequest::USE; + } + if ( obj_perms.owner_m == 1 ) + { + perm_rights = perm_rights | AuthRequest::MANAGE; + } + if ( obj_perms.owner_a == 1 ) + { + perm_rights = perm_rights | AuthRequest::ADMIN; + } + + tmp_rule = new AclRule(0, perm_user, perm_resource, perm_rights); + + tmp_rules.insert( make_pair(tmp_rule->user, tmp_rule) ); + + // Rule "@gid ob_type/#oid group_rights" + perm_user = AclRule::GROUP_ID | obj_perms.gid; + perm_rights = 0; + + if ( obj_perms.group_u == 1 ) + { + perm_rights = perm_rights | AuthRequest::USE; + } + if ( obj_perms.group_m == 1 ) + { + perm_rights = perm_rights | AuthRequest::MANAGE; + } + if ( obj_perms.group_a == 1 ) + { + perm_rights = perm_rights | AuthRequest::ADMIN; + } + + tmp_rule = new AclRule(0, perm_user, perm_resource, perm_rights); + + tmp_rules.insert( make_pair(tmp_rule->user, tmp_rule) ); + + // Rule "* ob_type/#oid others_rights" + perm_user = AclRule::ALL_ID; + perm_rights = 0; + + if ( obj_perms.other_u == 1 ) + { + perm_rights = perm_rights | 
AuthRequest::USE; + } + if ( obj_perms.other_m == 1 ) + { + perm_rights = perm_rights | AuthRequest::MANAGE; + } + if ( obj_perms.other_a == 1 ) + { + perm_rights = perm_rights | AuthRequest::ADMIN; + } + + tmp_rule = new AclRule(0, perm_user, perm_resource, perm_rights); + + tmp_rules.insert( make_pair(tmp_rule->user, tmp_rule) ); } - if ( obj_perms.owner_m == 1 ) - { - perm_rights = perm_rights | AuthRequest::MANAGE; - } - if ( obj_perms.owner_a == 1 ) - { - perm_rights = perm_rights | AuthRequest::ADMIN; - } - - tmp_rule = new AclRule(0, perm_user, perm_resource, perm_rights); - - tmp_rules.insert( make_pair(tmp_rule->user, tmp_rule) ); - - // Rule "@gid ob_type/#oid group_rights" - perm_user = AclRule::GROUP_ID | obj_perms.gid; - perm_rights = 0; - - if ( obj_perms.group_u == 1 ) - { - perm_rights = perm_rights | AuthRequest::USE; - } - if ( obj_perms.group_m == 1 ) - { - perm_rights = perm_rights | AuthRequest::MANAGE; - } - if ( obj_perms.group_a == 1 ) - { - perm_rights = perm_rights | AuthRequest::ADMIN; - } - - tmp_rule = new AclRule(0, perm_user, perm_resource, perm_rights); - - tmp_rules.insert( make_pair(tmp_rule->user, tmp_rule) ); - - // Rule "* ob_type/#oid others_rights" - perm_user = AclRule::ALL_ID; - perm_rights = 0; - - if ( obj_perms.other_u == 1 ) - { - perm_rights = perm_rights | AuthRequest::USE; - } - if ( obj_perms.other_m == 1 ) - { - perm_rights = perm_rights | AuthRequest::MANAGE; - } - if ( obj_perms.other_a == 1 ) - { - perm_rights = perm_rights | AuthRequest::ADMIN; - } - - tmp_rule = new AclRule(0, perm_user, perm_resource, perm_rights); - - tmp_rules.insert( make_pair(tmp_rule->user, tmp_rule) ); - // --------------------------------------------------- // Look for rules that apply to everyone // --------------------------------------------------- diff --git a/src/authm/AuthManager.cc b/src/authm/AuthManager.cc index 6ceb696f0b..6c80871d4f 100644 --- a/src/authm/AuthManager.cc +++ b/src/authm/AuthManager.cc 
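Review bot: The new guard `if ( obj_perms.oid >= 0 )` covers only the oid, while `perm_user = AclRule::INDIVIDUAL_ID | obj_perms.uid;` and `perm_user = AclRule::GROUP_ID | obj_perms.gid;` inside the block still OR an unchecked id into the rule's user field. If either id can be negative (their types are not visible here), sign extension would set every bit of `perm_user`, flag bits included, and the temporary rule would match more subjects than the owner or group it is built for; wrapping the owner rule in `if ( obj_perms.uid >= 0 )` and the group rule in `if ( obj_perms.gid >= 0 )` closes that. The guard also depends on creation requests arriving with a negative oid, and the AuthManager.cc hunk of this commit deletes the explicit `ob_perms.oid = -1;`, so the default value of that field, which is set outside this diff, is now what keeps object 0 from receiving rules on a create request. The body of `AclManager::authorize` starts and ends outside the hunk, including whatever frees the `new AclRule` objects stored in `tmp_rules`.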
@@ -57,8 +57,6 @@ void AuthRequest::add_auth(Object ob,
 {
 oss << "-:";
 }
-
- ob_perms.oid = -1;
 }
 else
 {