Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better validate ACL configuration #1187

Merged
merged 1 commit into from
Oct 1, 2024
Merged

Better validate ACL configuration #1187

merged 1 commit into from
Oct 1, 2024

Conversation

lkiesow
Copy link
Contributor

@lkiesow lkiesow commented Sep 12, 2024

The ACL configuration may not be a boolean or just any string. It must be a valid XACML. While we can't easily parse the XACML and check its correctness, we can at least check if the ACL seems to be XML.

The background for this is that with Opencast 14, acl = "false" was a valid configuration. This silently changed with Opencast 15(?) and caused Studio to upload ACL files with the contents `false", causing problems in later processing steps of Opencast. This patch makes this at least easier to spot.

@lkiesow
Better validate ACL configuration
18c472f 
The ACL configuration may not be a boolean or just any string. It must
be a valid XACML. While we can't easily parse the XACML and check its
correctness, we can at least check if the ACL seems to be XML.

The background for this is that with Opencast 14, `acl = "false"` was a
valid configuration. This silently changed with Opencast 15(?) and
caused Studio to upload ACL files with the contents `false", causing
problems in later processing steps of Opencast. This patch makes this at
least easier to spot.
@lkiesow lkiesow mentioned this pull request Sep 12, 2024
Open
LukasKalbertodt
LukasKalbertodt approved these changes Oct 1, 2024
View reviewed changes
Copy link
Member

@LukasKalbertodt LukasKalbertodt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hu, that's weird. I never intended there to be a breaking change and it must have been the result of some other change? Or a dependency update? I'm interested in what caused this, but unless someone needs to know, I won't invest the time in tracking this down.

The patch looks good!

@LukasKalbertodt LukasKalbertodt merged commit 8113b79 into elan-ev:master Oct 1, 2024
2 checks passed
@lkiesow
Copy link
Contributor Author

lkiesow commented Oct 1, 2024

It's been 3 weeks since I've looked at this, but iirc, it was your change introducing more typing to the code that chenged this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LukasKalbertodt LukasKalbertodt LukasKalbertodt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lkiesow @LukasKalbertodt