You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by James Mason <ma...@apache.org> on 2004/08/05 02:01:56 UTC
Re: User Authorization based on permissions set to role in Slide2
.1
I don't think you need the /Slide part on there. It should just be
/users/user1.
The empty and tab spaces are a bug that is fixed in the next release.
XML data isn't converted to strings properly.
-James
Krishna Kankipati wrote:
> James,
> Here is the output of the group-member-set property of the role
> "user". Note the value has lot of empty and tab spaces
>
>
> /Slide/users/user1
>
>
> Java code used to get this property value
> ============================================================================
> ===================
> String sPropertyName = "group-member-set";
> Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
>
> ============================================================================
> =====================
>
> Krishna
>
>
>
> -----Original Message-----
> From: James Mason [mailto:masonjm@apache.org]
> Sent: Wednesday, August 04, 2004 4:57 PM
> To: Slide Users Mailing List
> Subject: Re: User Authorization based on permissions set to role in
> Slide2 .1
>
>
> Can you paste the contents of the group-member-set property of the user
> role? If you notice the root user doesn't have any explicit rights to
> the /files node, everything is inherited through the root role. My guess
> is your user isn't making it into the role properly.
>
> -James
>
> Krishna Kankipati wrote:
>
>
>>Jason,
>> I checked the acl for this folder, it looks like this:
>>
>>ACL for /Slide/files/folder1:
>>------------------------------------------------------------
>>granted to /Slide/roles/user (not protected) (not inherited)
>> DAV:all
>> DAV:write
>>granted to property (not protected) (inherited from '/Slide/files')
>> DAV:read-acl
>>granted to /Slide/roles/root (not protected) (inherited from
>
> '/Slide/')
>
>> DAV:all
>>granted to all (not protected) (inherited from '/Slide/')
>> DAV:read
>>------------------------------------------------------------
>>
>>I added my user 'user1' to role called 'user' using group-member-set
>>property (also checked it). Since the role 'user' has the permissions to
>>write to folder 'folder1', as seen by the ACL output, and there seems to
>
> be
>
>>no contradiction to any other ace's in the acl list, I expected my user
>>'user1' to have necessary permissions to upload a file to 'folder1'. But I
>>get 403 forbidden error. I can login as root and using the same command
>
> can
>
>>upload a file to 'folder1'. So, I am not sure whats wrong. Initially I
>>thought may be the group-member-set is not set properly, so used
>
> DAVExplorer
>
>>to do the same with no avail. Do you think I am missing something, how do
>
> I
>
>>debug this situation?
>>
>>
>>thanks,
>>
>>regards,
>>Krishna
>>
>>
>>
>>-----Original Message-----
>>From: James Mason [mailto:masonjm@apache.org]
>>Sent: Wednesday, August 04, 2004 2:34 PM
>>To: Slide Users Mailing List
>>Subject: Re: User Authorization based on permissions set to role in
>>Slide2.1
>>
>>
>>Krishna,
>>Permissions on a role are inherited by the members of that role, yes.
>>One thing to check is that your user isn't being denied write access but
>>another ACL that's higher in the list. ACLs are checked in order and the
>>first one that applies takes precedence. If user1 is in a role that has
>>been denied the ability to write, and that ACE appears in the ACL before
>>the permission that grants write access, user1 will not have write access.
>>
>>-James
>>
>>Krishna Kankipati wrote:
>>
>>
>>
>>>Hi Folks,
>>> I am re-posting this mail since I haven't got any replies yet. I am
>>>hoping there is some developer there who might have tried to play around
>>>with permissions in Slide2.1M1. My problem is that when I assign some
>>>permissions to a role, those permissions are not propogated to the users
>>
>>in
>>
>>
>>>that role. If not for permissions what else is the purpose of having roles
>>>at all? I am sure it is not just for logical grouping of users. Any help
>>
>>is
>>
>>
>>>appreciated ......
>>>
>>>thanks in advance ....
>>>
>>>regards,
>>>
>>>Krishna
>>>
>>>
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Krishna Kankipati
>>>>Sent: Tuesday, August 03, 2004 5:47 PM
>>>>To: 'oliverm@matrix-media.com'; slide-user@jakarta.apache.org
>>>>Subject: User Authorization based on permissions set to role in
>>>>Slide2.1
>>>>
>>>>Michael,
>>>> I was searching the mail archive for some help on permissions and
>>>>came upon this discussion you were having with some developer which
>
> seemed
>
>>>>relevant to my question:
>>>>http://www.mail-archive.com/slide-user@jakarta.apache.org/msg05056.html
>>>>
>>>>Does slide permissions propogate based on role memberships. I mean, if I
>>>>create a role called "role1", and add a user called "user1" to it, will
>>>>user1 get all the permissions that are assigned to role1. I've seen in my
>>>>tests that although I gave enough "write" permissions to "role1", Slide
>>>>does not allow "user1" to write unless I add the "write" permission to
>>>>"user1" itself. Am I missing something or is it a bug. What is your
>>>>opinion on this? I am using Slide 2.1M1 and command line client to grant
>>>>permissions to /Slide/files collection.
>>>>
>>>>thanks
>>>>
>>>>regards,
>>>>Krishna
>>>>
>>>>
>>>>Krishna Kankipati
>>>>Software Engineer
>>>>SSA Global
>>>>* 1626 Cole Blvd. Golden, CO 80401, USA
>>>>* 303-274-3027
>>>>Fax: 303-274-3137
>>>>* kkankipa@baan.com
>>>>
>>>
>>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: slide-user-help@jakarta.apache.org
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org