You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by Johan Stuyts <j....@hippo.nl> on 2004/06/15 16:39:58 UTC
MKCOL in files collection requires read access on root collection?
Hello,
I've posted this before on the user list, but I thought this might be more appropriate on the dev list. I've encountered other 'strange' behaviour and will post about it tomorrow.
When I try to make a collection under /files as another user than root the method fails. The logs contain an entry stating that access id denied because the user has no read privilege on the root collection.
I don't understand why this happens. The user has full rights to the /files collection and listing its items works fine. Can someone clarify why this happens?
I've included the log entry and some authorization properties of /files below.
Kind regards,
Johan Stuyts
Hippo Webworks
The log entry:
DEBUG (2004-06-15) 13:06.25:843 [slide.repository] (Unknown-URI) Unknown-thread/SlideLoggerAdapter: org.apache.slide.security.AccessDeniedException: Access denied on / by user /users/jstuyts for action /actions/read
Below is the PROPFIND result for acl, inherited-acl-set and current-user-privilege-set:
<?xml version="1.0" encoding="UTF-8"?>
<D:multistatus xmlns:D="DAV:">
<D:response>
<D:href>/webdav/files</D:href>
<D:propstat>
<D:prop>
<D:acl>
<D:ace>
<D:principal>
<D:href>/roles/root</D:href>
</D:principal>
<D:grant>
<D:privilege>
<D:all/>
</D:privilege>
</D:grant>
</D:ace>
<D:ace>
<D:principal>
<D:href>/users/jstuyts</D:href>
</D:principal>
<D:grant>
<D:privilege>
<D:all/>
</D:privilege>
</D:grant>
</D:ace>
<D:ace>
<D:principal>
<D:all/>
</D:principal>
<D:deny>
<D:privilege>
<D:all/>
</D:privilege>
</D:deny>
</D:ace>
<D:ace>
<D:principal>
<D:href>/roles/root</D:href>
</D:principal>
<D:grant>
<D:privilege>
<D:all/>
</D:privilege>
</D:grant>
<D:inherited>
<D:href>/</D:href>
</D:inherited>
</D:ace>
<D:ace>
<D:principal>
<D:all/>
</D:principal>
<D:deny>
<D:privilege>
<D:all/>
</D:privilege>
</D:deny>
<D:inherited>
<D:href>/</D:href>
</D:inherited>
</D:ace>
</D:acl>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>
<?xml version="1.0" encoding="UTF-8"?>
<D:multistatus xmlns:D="DAV:">
<D:response>
<D:href>/webdav/files</D:href>
<D:propstat>
<D:prop>
<D:inherited-acl-set/>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>
<?xml version="1.0" encoding="UTF-8"?>
<D:multistatus xmlns:D="DAV:">
<D:response>
<D:href>/webdav/files</D:href>
<D:propstat>
<D:prop>
<D:current-user-privilege-set>
<D:privilege>
<D:read/>
</D:privilege>
<D:privilege>
<D:read-acl/>
</D:privilege>
<D:privilege>
<D:read-current-user-privilege-set/>
</D:privilege>
<D:privilege>
<D:write/>
</D:privilege>
<D:privilege>
<D:write-acl/>
</D:privilege>
<D:privilege>
<D:write-properties/>
</D:privilege>
<D:privilege>
<D:write-content/>
</D:privilege>
<D:privilege>
<D:bind/>
</D:privilege>
<D:privilege>
<D:unbind/>
</D:privilege>
<D:privilege>
<D:unlock/>
</D:privilege>
</D:current-user-privilege-set>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org