
Comments (3)

bencomp commented on September 26, 2024

What do you mean by "allows reasoning about inaccessible material"? Why does the ACL graph wrapper throw ItemNotFound when it is actually AccessDenied? It sounds like the latter should be changed if it is what happened - otherwise we might get situations like:

  1. person A adds something (X) in a scope that person B isn't allowed to see.
  2. person A tells B about it and gives a link.
  3. B gets ItemNotFound
  4. B comes to us and we have to explain, after a manual check, that B has no access.

from ehri-rest.

mikesname commented on September 26, 2024

The wrapper is a very low-level one which filters all index lookup and traversal operations based on what a given user has access to. It knows nothing about the situation or how the material was accessed. The advantages are:

  • it (theoretically, at least) won't allow the ACL to "leak", i.e. get erroneous access to something indirectly, because we only secured the direct route
  • it (again, theoretically) allows us to greatly simplify lots of boilerplate ACL checking code at the view API level

The main disadvantages are:

  • it knows nothing about the situation or how the material was accessed, so you lose some specificity
  • applies a lot more calculation to each traversal, potentially making things slower (though I haven't noticed this in practice)

I have to credit Linda for the "reasoning about inaccessible material" bit, and whether or not the point is really relevant in our case, it's still a point. A login system, for example, shouldn't allow an attacker to determine the existence and validity of a given email by giving a different error message for one that's registered than for one that's unknown to the system.

In my mind, the main wins are being able to simplify lots of the code, and worry less about leaky ACL. And it's conceptually elegant I think - if you don't have access to it, it simply isn't there.

To add more context - I have a branch acl_graph which does this stuff, but the wrapper is only used in the REST extension. All the tests pass, but I'm not planning to deploy it any time soon.

from ehri-rest.

mikesname commented on September 26, 2024

That said, I totally see your point and it could be a very real problem. One "solution" might just be to change the 404 message:

"This item cannot be found or is not accessible with your current access level"

from ehri-rest.
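
The filtering wrapper discussed in this thread, sketched as an added example (not code from ehri-rest or its acl_graph branch): denied and missing items produce the same client response, and traversals silently skip nodes the user cannot read. All names (`AclGraph`, `client_response`, the sample data) are hypothetical, and recording the real reason in a server-side log is an assumption about how the manual check in the first comment could be shortened.

```python
import logging

log = logging.getLogger("acl_example")

class ItemNotFound(Exception):
    """The only lookup error a client ever sees (missing or denied)."""
    MESSAGE = ("This item cannot be found or is not accessible "
               "with your current access level")
    def __init__(self):
        super().__init__(self.MESSAGE)

class AclGraph:
    """Hypothetical wrapper: filters every lookup and traversal per user."""
    def __init__(self, nodes, edges, acl, user):
        self._nodes, self._edges = nodes, edges  # id -> data, id -> [ids]
        self._acl, self._user = acl, user        # id -> set of readers

    def _visible(self, item_id):
        return (item_id in self._nodes
                and self._user in self._acl.get(item_id, set()))

    def get(self, item_id):
        if not self._visible(item_id):
            # Assumption: the real reason goes only to the server log,
            # so support can answer "no access" without a manual check.
            reason = "denied" if item_id in self._nodes else "missing"
            log.info("user=%s item=%s reason=%s", self._user, item_id, reason)
            raise ItemNotFound()
        return self._nodes[item_id]

    def neighbours(self, item_id):
        self.get(item_id)  # the start node must itself be visible
        return [n for n in self._edges.get(item_id, []) if self._visible(n)]

def client_response(graph, item_id):
    """(status, body) as a REST layer on top of the wrapper would return it."""
    try:
        return (200, graph.get(item_id))
    except ItemNotFound as exc:
        return (404, str(exc))

# Constructed sample data: A may read X and Y, B may read only Y.
NODES = {"X": "restricted item", "Y": "public item"}
EDGES = {"Y": ["X"], "X": ["Y"]}
ACL = {"X": {"A"}, "Y": {"A", "B"}}

if __name__ == "__main__":
    print(client_response(AclGraph(NODES, EDGES, ACL, "B"), "X"))
```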
