You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-user@jakarta.apache.org by Brandon Dove <bc...@ureach.com> on 2005/08/25 21:27:31 UTC

Problems with ACL

In my Domain.xml I have:

<data>
  <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/">
    <permission action="all" subject="/roles/root"
inheritable="true"/>
    <permission action="/actions/read-acl" subject="all"
inheritable="true" negative="true"/>
    <permission action="/actions/write-acl" subject="all"
inheritable="true" negative="true"/>
    <permission action="/actions/unlock" subject="all"
inheritable="true" negative="true"/>
    <permission action="/actions/read" subject="all"
inheritable="true"/>

   [...]

   <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files">
     <permission action="/actions/write" subject="/roles/user"
inheritable="true"/>
     <permission action="/actions/read-acl" subject="owner"
inheritable="true"/>
   </objectnode>

   [...]

  </objectnode>
</data>

I have two files stored in /files -- one is owned by user "test"
and the other is owned by user "test2". Both users are able to
see both files even though the files are owned by different
users. I'm confused as to why both users can see both files. Do
the permissions for the "/files" uri not override those set for
"/"? Given the permissions I've specified I would expect that
only the owner of the resource would be able to see it.

Any insight is appreciated.

Cheers,

Brandon


________________________________________________
Get your own "800" number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

RE: Problems with ACL

Posted by Michael Oliver <ol...@alariussystems.com>.

Hint, I wager the users can't see the acls for the other documents.

/actions/read/ and /actions/read-acl/ are two different things.

Michael Oliver
CTO
Alarius Systems LLC
6800 E. Lake Mead Blvd, #1096
Las Vegas, NV 89156
Phone:(702)643-7425
Fax:(702)974-0341
*Note new email changed from oliverm@matrix-media.com
-----Original Message-----
From: Brandon Dove [mailto:bcdove@ureach.com] 
Sent: Thursday, August 25, 2005 12:28 PM
To: slide-user@jakarta.apache.org
Subject: Problems with ACL

In my Domain.xml I have:

<data>
  <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/">
    <permission action="all" subject="/roles/root"
inheritable="true"/>
    <permission action="/actions/read-acl" subject="all"
inheritable="true" negative="true"/>
    <permission action="/actions/write-acl" subject="all"
inheritable="true" negative="true"/>
    <permission action="/actions/unlock" subject="all"
inheritable="true" negative="true"/>
    <permission action="/actions/read" subject="all"
inheritable="true"/>

   [...]

   <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files">
     <permission action="/actions/write" subject="/roles/user"
inheritable="true"/>
     <permission action="/actions/read-acl" subject="owner"
inheritable="true"/>
   </objectnode>

   [...]

  </objectnode>
</data>

I have two files stored in /files -- one is owned by user "test"
and the other is owned by user "test2". Both users are able to
see both files even though the files are owned by different
users. I'm confused as to why both users can see both files. Do
the permissions for the "/files" uri not override those set for
"/"? Given the permissions I've specified I would expect that
only the owner of the resource would be able to see it.

Any insight is appreciated.

Cheers,

Brandon


________________________________________________
Get your own "800" number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org