You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ponymail.apache.org by Francesco Chicchiriccò <il...@apache.org> on 2017/06/06 06:15:45 UTC

Did any recent commit break private lists?

Hi all,
until recently (at least one week ago, but possibly later), I had my 
corporate Ponymail deployment successfully hide private lists from 
unauthenticated view.

After recent upgrades (not sure exactly which one, as said) instead, 
private lists are always shown, and their content is available even 
before authentication.

Did something related to that change lately?

Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Did any recent commit break private lists?

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 06/06/2017 16:44, sebb wrote:
> On 6 June 2017 at 10:55, Francesco Chicchiriccò <il...@apache.org> wrote:
>> On 06/06/2017 10:50, Daniel Gruno wrote:
>>> On 06/06/2017 08:15 AM, Francesco Chicchiriccò wrote:
>>>> Hi all,
>>>> until recently (at least one week ago, but possibly later), I had my
>>>> corporate Ponymail deployment successfully hide private lists from
>>>> unauthenticated view.
>>>>
>>>> After recent upgrades (not sure exactly which one, as said) instead,
>>>> private lists are always shown, and their content is available even
>>>> before authentication.
>>>>
>>>> Did something related to that change lately?
>>>>
>>>> Regards.
>>> I know there has been some work on completely redoing the way the AAA
>>> libraries work, perhaps this is the cause?
>>>
>>> are you on master?
>>
>> Yes sir.
>>
>>> is hidePrivate set to true in the config?
>>
>> I have
>>
>> ./site/api/lib/config.lua:    hidePrivate = true
>>
>>> did you update your own AAA to work with the new format?
>>
>> Not lately: any pointer about how to do that?
>>
>> I used to have
>>
>> site/api/lib/aaa.lua.tirasa
> That is not a PonyMail filename.
> You must have created that.
>
>> but now it seems such file must be named
>>
>> site/api/lib/aaa_site.lua
> Yes, that is the local (customised) file which is called from aaa.lua:
>
> https://github.com/apache/incubator-ponymail/blob/master/site/api/lib/aaa.lua
>
>> (which is under GIT control) instead. Is this correct?
> aaa_site.lua is not under git control.
>
> However there are some examples under
> https://github.com/apache/incubator-ponymail/tree/master/aaa_examples

Thanks for pointing out these samples: I adapted the former logic by 
following aaa_by_email_address.lua and now it seems to work.

Regards.

> If you don't provide the file, then *no* rights will be granted.
>
> See also
> https://github.com/apache/incubator-ponymail/blob/master/RELEASE-NOTES.md
> https://github.com/apache/incubator-ponymail/issues/290
> https://github.com/apache/incubator-ponymail/issues/295

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Did any recent commit break private lists?

Posted by sebb <se...@gmail.com>.

On 6 June 2017 at 10:55, Francesco Chicchiriccò <il...@apache.org> wrote:
> On 06/06/2017 10:50, Daniel Gruno wrote:
>>
>> On 06/06/2017 08:15 AM, Francesco Chicchiriccò wrote:
>>>
>>> Hi all,
>>> until recently (at least one week ago, but possibly later), I had my
>>> corporate Ponymail deployment successfully hide private lists from
>>> unauthenticated view.
>>>
>>> After recent upgrades (not sure exactly which one, as said) instead,
>>> private lists are always shown, and their content is available even
>>> before authentication.
>>>
>>> Did something related to that change lately?
>>>
>>> Regards.
>>
>> I know there has been some work on completely redoing the way the AAA
>> libraries work, perhaps this is the cause?
>>
>> are you on master?
>
>
> Yes sir.
>
>> is hidePrivate set to true in the config?
>
>
> I have
>
> ./site/api/lib/config.lua:    hidePrivate = true
>
>> did you update your own AAA to work with the new format?
>
>
> Not lately: any pointer about how to do that?
>
> I used to have
>
> site/api/lib/aaa.lua.tirasa

That is not a PonyMail filename.
You must have created that.

> but now it seems such file must be named
>
> site/api/lib/aaa_site.lua

Yes, that is the local (customised) file which is called from aaa.lua:

https://github.com/apache/incubator-ponymail/blob/master/site/api/lib/aaa.lua

> (which is under GIT control) instead. Is this correct?

aaa_site.lua is not under git control.

However there are some examples under
https://github.com/apache/incubator-ponymail/tree/master/aaa_examples

If you don't provide the file, then *no* rights will be granted.

See also
https://github.com/apache/incubator-ponymail/blob/master/RELEASE-NOTES.md
https://github.com/apache/incubator-ponymail/issues/290
https://github.com/apache/incubator-ponymail/issues/295

>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>

Re: Did any recent commit break private lists?

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 06/06/2017 10:50, Daniel Gruno wrote:
> On 06/06/2017 08:15 AM, Francesco Chicchiriccò wrote:
>> Hi all,
>> until recently (at least one week ago, but possibly later), I had my
>> corporate Ponymail deployment successfully hide private lists from
>> unauthenticated view.
>>
>> After recent upgrades (not sure exactly which one, as said) instead,
>> private lists are always shown, and their content is available even
>> before authentication.
>>
>> Did something related to that change lately?
>>
>> Regards.
> I know there has been some work on completely redoing the way the AAA
> libraries work, perhaps this is the cause?
>
> are you on master?

Yes sir.

> is hidePrivate set to true in the config?

I have

./site/api/lib/config.lua:    hidePrivate = true

> did you update your own AAA to work with the new format?

Not lately: any pointer about how to do that?

I used to have

site/api/lib/aaa.lua.tirasa

but now it seems such file must be named

site/api/lib/aaa_site.lua

(which is under GIT control) instead. Is this correct?

Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Did any recent commit break private lists?

Posted by Daniel Gruno <hu...@apache.org>.

On 06/06/2017 08:15 AM, Francesco Chicchiriccò wrote:
> Hi all,
> until recently (at least one week ago, but possibly later), I had my
> corporate Ponymail deployment successfully hide private lists from
> unauthenticated view.
> 
> After recent upgrades (not sure exactly which one, as said) instead,
> private lists are always shown, and their content is available even
> before authentication.
> 
> Did something related to that change lately?
> 
> Regards.
> 
I know there has been some work on completely redoing the way the AAA
libraries work, perhaps this is the cause?

are you on master?
is hidePrivate set to true in the config?
did you update your own AAA to work with the new format?

With regards,
Daniel.