You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-user@jakarta.apache.org by Guido Casper <gc...@s-und-n.de> on 2002/11/18 15:13:24 UTC

WebDAV ACL Question

Hi all,

when I put my users in groups, I can give permissions to groups via
domain.xml but not via WebDAV ACL. My users node in domain.xml looks like
this:
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
      <objectnode classname="slideroles.basic.RootRoleImpl"
uri="/users/root">
            <revision>
                  <property namespace="http://jakarta.apache.org/slide/"
name="password">root</property>
            </revision>
      </objectnode>

      <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/guido"/>
      <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/willi"/>

      <objectnode classname="org.apache.slide.structure.GroupNode"
uri="/users/LayoutGroup">
            <objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/LayoutGroup/guido" linkedUri="/users/guido"/>
      </objectnode>

</objectnode>

The following works without a problem:
<D:acl xmlns:D="DAV:">
         <D:ace>
            <D:principal>
                <D:href>/users/guido</D:href>
            </D:principal>
            <D:grant>
               <D:privilege><D:all/></D:privilege>
            </D:grant>
         </D:ace>
 </D:acl>

However executing this:
<D:acl xmlns:D="DAV:">
         <D:ace>
            <D:principal>
                <D:href>/users/LayoutGroup</D:href>
            </D:principal>
            <D:grant>
               <D:privilege><D:all/></D:privilege>
            </D:grant>
         </D:ace>
 </D:acl>

is reflected in the ACLs of each affected resource but does not give
permissions to users within that group. I also tried grouping without the
use of LinkNode.
<objectnode classname="org.apache.slide.structure.GroupNode"
uri="/users/LayoutGroup">
      <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/LayoutDeployer/guido"/>
</objectnode>

without success.

My first investigations on
http://www.webdav.org/acl/protocol/draft-ietf-webdav-acl-10.htm
seem to indicate that group memberships are to be reflected in the
properties DAV:group-member-set and DAV:group-membership and these are not
yet implemented in Slide.

Are my assumptions correct or am I doing something wrong?

Thanks for your help
Guido



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: WebDAV ACL Question

Posted by Guido Casper <gc...@s-und-n.de>.

> did you try +/users/LayoutGroup ?

I just tried it and it works.
Thanks Andreas, you saved my day (and of course the great guys who
implemented this).

Guido


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: WebDAV ACL Question

Posted by Andreas Probst <an...@gmx.net>.

Hi Guido,

did you try +/users/LayoutGroup ?

A comment in Domain.xml says that the plus sign is used to 
reference a group. SecurityImpl checks for the plus and only 
then resolves the children of a group node.

Regards,
Andreas


On 18 Nov 2002 at 15:13, Guido Casper wrote:

> Hi all,
> 
> when I put my users in groups, I can give permissions to groups
> via domain.xml but not via WebDAV ACL. My users node in
> domain.xml looks like this: <objectnode
> classname="org.apache.slide.structure.SubjectNode" uri="/users">
>       <objectnode classname="slideroles.basic.RootRoleImpl"
> uri="/users/root">
>             <revision>
>                   <property
>                   namespace="http://jakarta.apache.org/slide/"
> name="password">root</property>
>             </revision>
>       </objectnode>
> 
>       <objectnode
>       classname="org.apache.slide.structure.SubjectNode"
> uri="/users/guido"/>
>       <objectnode
>       classname="org.apache.slide.structure.SubjectNode"
> uri="/users/willi"/>
> 
>       <objectnode
>       classname="org.apache.slide.structure.GroupNode"
> uri="/users/LayoutGroup">
>             <objectnode
>             classname="org.apache.slide.structure.LinkNode"
> uri="/users/LayoutGroup/guido" linkedUri="/users/guido"/>
>       </objectnode>
> 
> </objectnode>
> 
> The following works without a problem:
> <D:acl xmlns:D="DAV:">
>          <D:ace>
>             <D:principal>
>                 <D:href>/users/guido</D:href>
>             </D:principal>
>             <D:grant>
>                <D:privilege><D:all/></D:privilege>
>             </D:grant>
>          </D:ace>
>  </D:acl>
> 
> However executing this:
> <D:acl xmlns:D="DAV:">
>          <D:ace>
>             <D:principal>
>                 <D:href>/users/LayoutGroup</D:href>
>             </D:principal>
>             <D:grant>
>                <D:privilege><D:all/></D:privilege>
>             </D:grant>
>          </D:ace>
>  </D:acl>
> 
> is reflected in the ACLs of each affected resource but does not
> give permissions to users within that group. I also tried
> grouping without the use of LinkNode. <objectnode
> classname="org.apache.slide.structure.GroupNode"
> uri="/users/LayoutGroup">
>       <objectnode
>       classname="org.apache.slide.structure.SubjectNode"
> uri="/users/LayoutDeployer/guido"/>
> </objectnode>
> 
> without success.
> 
> My first investigations on
> http://www.webdav.org/acl/protocol/draft-ietf-webdav-acl-10.htm
> seem to indicate that group memberships are to be reflected in
> the properties DAV:group-member-set and DAV:group-membership and
> these are not yet implemented in Slide.
> 
> Are my assumptions correct or am I doing something wrong?
> 
> Thanks for your help
> Guido
> 
> 
> 
> --
> To unsubscribe, e-mail:  
> <ma...@jakarta.apache.org> For additional
> commands, e-mail: <ma...@jakarta.apache.org>
> 



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>