Listing objects should check ACL on attributes

Description

When using objects::ls ACL can be checked by sending a parameter but it only does basic acl check, it does not check asked attributes are allowed (this is done in webservice since fd-plugins#5704 (closed) but should be moved to objects::) Also all attributes are allowed in the filter which can lead to information leak as well

FusionDirectory Version

1.3

Steps to Reproduce

1. Use objects::ls through code or webservice
2. You can see more info than you should

Expected behavior:

ACL should be respected for returned attributes and filter

Actual behavior:

Too much information is available

Additional Information

We should somehow still allow the use of attributes which are not in the ACL system when the caller has all rights on the given objectType. Operational attributes are also a complicated case.

created branch 5732-listing-objects-should-check-acl-on-attributes

By Côme Chilliet on 2017-11-14T10:30:20 (imported from GitLab)

mentioned in merge request !75

By Côme Chilliet on 2017-11-14T10:30:21 (imported from GitLab)

mentioned in commit 7c851860

By Côme Chilliet on 2017-11-14T10:40:24 (imported from GitLab)

mentioned in commit ed1e7343

By Côme Chilliet on 2017-11-14T10:48:40 (imported from GitLab)

mentioned in commit 82fa5126

By Côme Chilliet on 2017-11-14T11:25:14 (imported from GitLab)

mentioned in commit 893d827c

By Côme Chilliet on 2017-11-14T13:35:21 (imported from GitLab)

mentioned in commit fd-plugins@7948634e

By Côme Chilliet on 2017-11-14T13:37:34 (imported from GitLab)

created branch 5732-listing-objects-should-check-acl-on-attributes

By Côme Chilliet on 2017-11-14T15:59:19 (imported from GitLab)

mentioned in merge request !76

By Côme Chilliet on 2017-11-14T15:59:20 (imported from GitLab)

mentioned in commit 7eb89e7e

By Côme Chilliet on 2017-11-14T16:01:50 (imported from GitLab)

mentioned in issue fd-plugins#5704 (closed)

By Côme Chilliet on 2017-11-14T16:23:04 (imported from GitLab)

created branch 5732-listing-objects-should-check-acl-on-attributes

By Côme Chilliet on 2017-11-14T16:27:25 (imported from GitLab)

mentioned in merge request !77

By Côme Chilliet on 2017-11-14T16:27:26 (imported from GitLab)

mentioned in commit 8c7e4243

By Côme Chilliet on 2017-11-14T16:28:32 (imported from GitLab)

created branch 5732-listing-objects-should-check-acl-on-attributes

By Côme Chilliet on 2017-11-15T08:41:47 (imported from GitLab)

mentioned in merge request !78

By Côme Chilliet on 2017-11-15T08:41:48 (imported from GitLab)

mentioned in commit f88790fe

By Côme Chilliet on 2017-11-15T08:50:16 (imported from GitLab)

added 1h of time spent

By Côme Chilliet on 2017-11-15T09:25:58 (imported from GitLab)

created branch 5732-listing-objects-should-check-acl-on-attributes

By Côme Chilliet on 2017-11-20T14:39:29 (imported from GitLab)

mentioned in merge request !79

By Côme Chilliet on 2017-11-20T14:39:31 (imported from GitLab)