Inconsistent ACL semantics in HTTP API stat
Laura Lo Gerfo
Hello,
I’m observing inconsistent ACL behavior in the HTTP API between collection and data-object stat operations.
Environment:
iRODS server: 5.0.1
iRODS HTTP API: 0.6.0
Test case:
- Collection: /tempZone/home/TEST001
- Data object: /tempZone/home/TEST001/test.txt
ACLs were assigned only to groups (TEST001, TEST001_users), no direct user ACLs.
CLI verification (ils -A):
ils -A /tempZone/home/
TEST001
ils -A /tempZone/home/TEST001/test.txt
Both outputs show only group ACL entries
HTTP API behavior:
GET /collections?op=stat&lpath=/tempZone/home/TEST001 returns group ACLs as expected.
GET /data-objects?op=stat&lpath=/tempZone/home/TEST001/test.txt returns group ACLs and also users belonging to those groups.
Is this intended behavior?
Thanks in Advance,
Laura
Kory Draughn
--
--
The Integrated Rule-Oriented Data System (iRODS) - https://irods.org
iROD-Chat: http://groups.google.com/group/iROD-Chat
---
You received this message because you are subscribed to the Google Groups "iRODS-Chat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to irod-chat+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/irod-chat/340be075-2a61-44db-bebf-372246229c12n%40googlegroups.com.
Laura Lo Gerfo
HTTP API Collection
http://api.rdm-portal.org/irods-http-api/0.6.0/collections?op=stat&lpath={{collection_path}}
{
"inheritance_enabled": true,
"irods_response": {
"status_code": 0
},
"modified_at": 1771859778,
"permissions": [
{
"name": "FACILITY_CODE",
"perm": "own",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "FACILITY_CODE_users",
"perm": "modify_object",
"type": "rodsgroup",
"zone": "tempZone"
}
],
"registered": true,
"type": "collection"
}
HTTP API Data-objects
http://api.rdm-portal.org/irods-http-api/0.6.0/data-objects?op=stat&lpath={{data_object_path}}
{
"checksum": "",
"irods_response": {
"status_code": 0
},
"modified_at": 1771859779,
"permissions": [
{
"name": "group_member_01",
"perm": "own",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "group_member_02",
"perm": "modify_object",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "group_member_03",
"perm": "modify_object",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "group_member_04",
"perm": "own",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "FACILITY_CODE",
"perm": "own",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "FACILITY_CODE_users",
"perm": "modify_object",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "group_member_05",
"perm": "modify_object",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "group_member_06",
"perm": "own",
"type": "rodsgroup",
"zone": "tempZone"
},
{
"name": "group_member_07",
"perm": "modify_object",
"type": "rodsgroup",
"zone": "tempZone"
}
],
"size": 4,
"type": "data_object"
}
Command:
ils -A /tempZone/home/FACILITY_CODE/
Output:
/tempZone/home/FACILITY_CODE:
ACL - g:FACILITY_CODE#tempZone:own
g:FACILITY_CODE_users#tempZone:modify_object
Inheritance - Enabled
test.txt
ACL - g:FACILITY_CODE#tempZone:own
g:FACILITY_CODE_users#tempZone:modify_object
Command:
ils -A /tempZone/home/FACILITY_CODE/test.txt
Output:
/tempZone/home/FACILITY_CODE/test.txt
ACL - g:FACILITY_CODE#tempZone:own
g:FACILITY_CODE_users#tempZone:modify_object
Thanks,
Laura
To view this discussion visit https://groups.google.com/d/msgid/irod-chat/CAA-7h7%3DbEdPOVK5GYWoeECxYcxYig4ZwwJ0gr%3DWf%2BMWna98nzA%40mail.gmail.com.
Kory Draughn
To view this discussion visit https://groups.google.com/d/msgid/irod-chat/VI1PR06MB8927080229E8F7D71EC643578274A%40VI1PR06MB8927.eurprd06.prod.outlook.com.
Laura Lo Gerfo
Hi Kory,
Do we need to open an issue on the dedicated GitHub repository (http api) to report this?
To view this discussion visit https://groups.google.com/d/msgid/irod-chat/CAA-7h7mW2UTkZY6aJrY%3D1AW6c7TwSH7U19bzhNu-N-302sgj_w%40mail.gmail.com.
Kory Draughn
To view this discussion visit https://groups.google.com/d/msgid/irod-chat/VI1PR06MB8927228453DC0CF33B35FA408275A%40VI1PR06MB8927.eurprd06.prod.outlook.com.