Posted to slide-user@jakarta.apache.org by Krishna Kankipati <kk...@baan.com> on 2004/08/04 23:49:44 UTC

RE: User Authorization based on permissions set to role in Slide2 .1

Guido,
	I did check both that you mentioned. The auto-versioning was set to
false in Domain.xml and when I check for property current-user-privilege-set
for folder1, it returns 'Read'. Although acl for folder1 looks like this:
Note that my user 'user1' was added to role 'user' by setting the
group-member-set property for the role 'user'.

ACL for /Slide/files/folder1:
------------------------------------------------------------
granted to /Slide/roles/user    (not protected)   (not inherited)
   DAV:all
   DAV:write
granted to property    (not protected)   (inherited from '/Slide/files')
   DAV:read-acl
granted to /Slide/roles/root    (not protected)   (inherited from '/Slide/')
   DAV:all
granted to all    (not protected)   (inherited from '/Slide/')
   DAV:read
------------------------------------------------------------

So, looks like assigning the user 'user1' to role 'user' is not propagating
the permissions of role 'user' to user 'user1' ....

To make sure I also used DAVExplorer to edit the group-member-set property
of the role 'user' to include user 'user1' ... didn't help. Any thoughts?

thanks,

regards,
Krishna


-----Original Message-----
From: Guido Casper [mailto:gcasper@s-und-n.de]
Sent: Wednesday, August 04, 2004 2:25 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in
Slide2 .1


Krishna Kankipati wrote:
> Hi Andrey,
> Thanks for the response. As we speak I am doing some tests
> using the Slide Command Line tool (it uses Webdav Client internally). I
> added a new user (user1) and a new role (role1) using webdav client. I did
> this using mkcol command on users and roles collection. After that I use
> Webdav client (proppatchMethod()) to set the property "group-member-set" of
> role "role1" to include "user1" as member of this role. This seemed to work
> fine. Also, when I use propfindMethod() from webdav client to check the
> property value of group-member-set, it shows user1 as a member of role1.
> After that I use command line tool to login as root and assign "write"
> permission on a new folder I created under /files to /roles/role1.
> The command I use is:
> 
> grant write on /Slide/files/folder1 to /Slide/roles/role1
> 
> If I check acl property for /Slide/files/folder1, I can see that write
> permission is assigned to role1 for folder1.
> 
> Now, when I login back as user1, I cannot upload a file to the above folder,
> I get 403 Forbidden error.

A possible reason for 403s might be that you have auto-versioning set 
but inadequate permissions on the /history folder.

You may also want to check the "current-user-privilege-set" property of 
folder1 to see if the write permission gets properly propagated from 
role to user.

HTH
Guido

> 
> Can you validate that this works for you (I'll appreciate if you can grant
> permissions using command line tool and validate that the permission works
> properly). You can use acl command to find the permissions on any
> folder/file.
> 
> thanks,
> 
> regards,
> Krishna
> 
> 
> -----Original Message-----
> From: Andrey Shulinsky [mailto:ashulinsky@arnoldworldwide.ca]
> Sent: Wednesday, August 04, 2004 12:56 PM
> To: 'Slide Users Mailing List'
> Subject: RE: User Authorization based on permissions set to role in
> Slide2.1
> 
> 
> Hi, Krishna!
> 
> Everything should work fine in the case you've described. Actually, I'm
> testing permissions at the moment and it's one of my own test cases. I am
> using the Security helper directly though, not the client.
> Haven't you checked the descriptors of the "role1" and the file you're
> granting access to ensure that "user1" is really in the "group-member-set"
> property of the role and that the permission is set in the file descriptor?
> 
> Yours sincerely,
> Andrey.
> 
> 
>>-----Original Message-----
>>From: Slide Users Mailing List [mailto:slide-user@jakarta.apache.org] 
>>Sent: Wednesday, August 04, 2004 11:50 AM
>>To: 'slide-user@jakarta.apache.org'
>>Subject: User Authorization based on permissions set to role 
>>in Slide2.1
>>Importance: Low
>>
>>Hi Folks,
>>	I am re-posting this mail since I haven't got any 
>>replies yet. I am hoping there is some developer there who 
>>might have tried to play around with permissions in 
>>Slide2.1M1. My problem is that when I assign some permissions 
>>to a role, those permissions are not propagated to the users 
>>in that role. If not for permissions what else is the purpose 
>>of having roles at all? I am sure it is not just for logical 
>>grouping of users. Any help is appreciated ......
>>
>>thanks in advance ....
>>
>>regards,
>>
>>Krishna
>>
>>
>>
>>> -----Original Message-----
>>>From: 	Krishna Kankipati  
>>>Sent:	Tuesday, August 03, 2004 5:47 PM
>>>To:	'oliverm@matrix-media.com'; slide-user@jakarta.apache.org
>>>Subject:	User Authorization based on permissions set to role in
>>>Slide2.1
>>>
>>>Michael,
>>>I was searching the mail archive for some help on permissions and
>>>came upon this discussion you were having with some developer which seemed
>>>relevant to my question:
>>>
>>>http://www.mail-archive.com/slide-user@jakarta.apache.org/msg05056.html
>>>
>>>Do Slide permissions propagate based on role memberships? I mean, if
>>>I create a role called "role1", and add a user called "user1" to it, will
>>>user1 get all the permissions that are assigned to role1? I've seen in
>>>my tests that although I gave enough "write" permissions to "role1",
>>>Slide does not allow "user1" to write unless I add the "write"
>>>permission to "user1" itself. Am I missing something or is it a bug?
>>>What is your opinion on this? I am using Slide 2.1M1 and command line
>>>client to grant permissions to /Slide/files collection.
>>>
>>>thanks
>>>
>>>regards,
>>>Krishna
>>>
>>>
>>>Krishna Kankipati
>>>Software Engineer
>>>SSA Global
>>>*       1626 Cole Blvd. Golden, CO 80401, USA
>>>*  303-274-3027
>>>Fax:    303-274-3137
>>>*  kkankipa@baan.com
>>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
> 
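
A diagnostic for the symptom discussed in this thread, added here as an example (not code from the thread or from Slide): it compares what a folder's DAV:acl and a role's DAV:group-member-set imply for a user against what DAV:current-user-privilege-set reports. The PROPFIND bodies are constructed to mirror the ACL listing above, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

D = "{DAV:}"
# Constructed PROPFIND bodies modelled on the thread; not captured from a server.
ROLE_XML = """<D:multistatus xmlns:D="DAV:"><D:response><D:propstat><D:prop>
<D:group-member-set><D:href>/Slide/users/user1</D:href></D:group-member-set>
</D:prop></D:propstat></D:response></D:multistatus>"""
FOLDER_XML = """<D:multistatus xmlns:D="DAV:"><D:response><D:propstat><D:prop>
<D:acl>
 <D:ace><D:principal><D:href>/Slide/roles/user</D:href></D:principal>
  <D:grant><D:privilege><D:all/></D:privilege>
           <D:privilege><D:write/></D:privilege></D:grant></D:ace>
 <D:ace><D:principal><D:all/></D:principal>
  <D:grant><D:privilege><D:read/></D:privilege></D:grant></D:ace>
</D:acl>
<D:current-user-privilege-set>
 <D:privilege><D:read/></D:privilege>
</D:current-user-privilege-set>
</D:prop></D:propstat></D:response></D:multistatus>"""

def privileges(elem):
    """Local names of the DAV privileges listed under elem, e.g. {'read'}."""
    if elem is None:
        return set()
    return {p[0].tag[len(D):] for p in elem.iter(D + "privilege") if len(p)}

def group_members(role_xml):
    """Member hrefs from a role's DAV:group-member-set property."""
    gms = ET.fromstring(role_xml).find(".//" + D + "group-member-set")
    return set() if gms is None else {h.text.strip() for h in gms.findall(D + "href")}

def expected_grants(folder_xml, user, memberships):
    """Union of grant ACEs for the user, DAV:all, or a role containing the user.
    Simplified: deny ACEs and aggregate-privilege expansion are ignored."""
    granted = set()
    for ace in ET.fromstring(folder_xml).iter(D + "ace"):
        who = ace.find(D + "principal")
        if who is None:
            continue
        href = (who.findtext(D + "href") or "").strip()
        if (who.find(D + "all") is not None or href == user
                or user in memberships.get(href, ())):
            granted |= privileges(ace.find(D + "grant"))
    return granted

def missing_privileges(folder_xml, role, role_xml, user):
    """Privileges the ACL should give the user that the server does not report."""
    root = ET.fromstring(folder_xml)
    reported = privileges(root.find(".//" + D + "current-user-privilege-set"))
    wanted = expected_grants(folder_xml, user, {role: group_members(role_xml)})
    return wanted - reported
```

A non-empty result for a user who is listed in the role means the membership is stored but not applied when privileges are evaluated, which is the behaviour reported above; the PROPFIND for current-user-privilege-set has to be issued while authenticated as that user.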
