You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Guido Casper <gc...@s-und-n.de> on 2002/11/18 15:13:24 UTC
WebDAV ACL Question
Hi all,
when I put my users in groups, I can give permissions to groups via
domain.xml but not via WebDAV ACL. My users node in domain.xml looks like
this:
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
<objectnode classname="slideroles.basic.RootRoleImpl"
uri="/users/root">
<revision>
<property namespace="http://jakarta.apache.org/slide/"
name="password">root</property>
</revision>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/guido"/>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/willi"/>
<objectnode classname="org.apache.slide.structure.GroupNode"
uri="/users/LayoutGroup">
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/LayoutGroup/guido" linkedUri="/users/guido"/>
</objectnode>
</objectnode>
The following works without a problem:
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
<D:href>/users/guido</D:href>
</D:principal>
<D:grant>
<D:privilege><D:all/></D:privilege>
</D:grant>
</D:ace>
</D:acl>
However executing this:
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
<D:href>/users/LayoutGroup</D:href>
</D:principal>
<D:grant>
<D:privilege><D:all/></D:privilege>
</D:grant>
</D:ace>
</D:acl>
is reflected in the ACLs of each affected resource but does not give
permissions to users within that group. I also tried grouping without the
use of LinkNode.
<objectnode classname="org.apache.slide.structure.GroupNode"
uri="/users/LayoutGroup">
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/LayoutDeployer/guido"/>
</objectnode>
without success.
My first investigations on
http://www.webdav.org/acl/protocol/draft-ietf-webdav-acl-10.htm
seem to indicate that group memberships are to be reflected in the
properties DAV:group-member-set and DAV:group-membership and these are not
yet implemented in Slide.
Are my assumptions correct or am I doing something wrong?
Thanks for your help
Guido
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: WebDAV ACL Question
Posted by Guido Casper <gc...@s-und-n.de>.
> did you try +/users/LayoutGroup ?
I just tried it and it works.
Thanks Andreas, you saved my day (and of course the great guys who
implemented this).
Guido
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: WebDAV ACL Question
Posted by Andreas Probst <an...@gmx.net>.
Hi Guido,
did you try +/users/LayoutGroup ?
A comment in Domain.xml says that the plus sign is used to
reference a group. SecurityImpl checks for the plus and only
then resolves the children of a group node.
Regards,
Andreas
On 18 Nov 2002 at 15:13, Guido Casper wrote:
> Hi all,
>
> when I put my users in groups, I can give permissions to groups
> via domain.xml but not via WebDAV ACL. My users node in
> domain.xml looks like this: <objectnode
> classname="org.apache.slide.structure.SubjectNode" uri="/users">
> <objectnode classname="slideroles.basic.RootRoleImpl"
> uri="/users/root">
> <revision>
> <property
> namespace="http://jakarta.apache.org/slide/"
> name="password">root</property>
> </revision>
> </objectnode>
>
> <objectnode
> classname="org.apache.slide.structure.SubjectNode"
> uri="/users/guido"/>
> <objectnode
> classname="org.apache.slide.structure.SubjectNode"
> uri="/users/willi"/>
>
> <objectnode
> classname="org.apache.slide.structure.GroupNode"
> uri="/users/LayoutGroup">
> <objectnode
> classname="org.apache.slide.structure.LinkNode"
> uri="/users/LayoutGroup/guido" linkedUri="/users/guido"/>
> </objectnode>
>
> </objectnode>
>
> The following works without a problem:
> <D:acl xmlns:D="DAV:">
> <D:ace>
> <D:principal>
> <D:href>/users/guido</D:href>
> </D:principal>
> <D:grant>
> <D:privilege><D:all/></D:privilege>
> </D:grant>
> </D:ace>
> </D:acl>
>
> However executing this:
> <D:acl xmlns:D="DAV:">
> <D:ace>
> <D:principal>
> <D:href>/users/LayoutGroup</D:href>
> </D:principal>
> <D:grant>
> <D:privilege><D:all/></D:privilege>
> </D:grant>
> </D:ace>
> </D:acl>
>
> is reflected in the ACLs of each affected resource but does not
> give permissions to users within that group. I also tried
> grouping without the use of LinkNode. <objectnode
> classname="org.apache.slide.structure.GroupNode"
> uri="/users/LayoutGroup">
> <objectnode
> classname="org.apache.slide.structure.SubjectNode"
> uri="/users/LayoutDeployer/guido"/>
> </objectnode>
>
> without success.
>
> My first investigations on
> http://www.webdav.org/acl/protocol/draft-ietf-webdav-acl-10.htm
> seem to indicate that group memberships are to be reflected in
> the properties DAV:group-member-set and DAV:group-membership and
> these are not yet implemented in Slide.
>
> Are my assumptions correct or am I doing something wrong?
>
> Thanks for your help
> Guido
>
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org> For additional
> commands, e-mail: <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>