[prev in list] [next in list] [prev in thread] [next in thread] 

List:       slide-dev
Subject:    DO NOT REPLY [Bug 41489]  New:  - 207 instead of 403 response for MOVE/COPY/DELETE (+ suggested fix)
From:       bugzilla () apache ! org
Date:       2007-01-29 10:22:26
Message-ID: bug-41489-4429 () http ! issues ! apache ! org/bugzilla/
[Download RAW message or body]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41489>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41489

           Summary: 207 instead of 403 response for MOVE/COPY/DELETE (+
                    suggested fix)
           Product: Slide
           Version: 2.1
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: RFC
          Severity: major
          Priority: P2
         Component: WebDAV Server
        AssignedTo: slide-dev@jakarta.apache.org
        ReportedBy: aspencer-ext@airfrance.fr


For some WebDAV requests we get a 207 Multistatus returned when we would expect
a 403 Forbidden.

Steps to reproduce:
 - incoming request is MOVE, COPY or DELETE
 - object being moved/copied/deleted is a collection
 - user does not have the rights to make this operation

Actual results:
 - generation of a 207 Multi Status response

Apparent cause:
 - org.apache.slide.webdav.method.AbstractMultistatusResponseMethod 
Method generateMultiStatusResponse()
line 121 :
   isMultiStatus =  ! resourceURI.equals(MethodUtil.getURI(unpackedException));
is inconsistent with the method's Javadoc comment.  We should be generating a
multi status response when the two values are equal, not when they are unequal
(as now).  Deleting the operator ! on the above line corrects the bug described
above: a 403 response is generated as expected.

Expected results:
 - generation of a 403 Forbidden reponse

Build:
The bug was observed on v2.1 but the offending line is still present in the
latest version on the repository.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]