Posted to slide-user@jakarta.apache.org by "Andrew F. Sears" <as...@xonos.com> on 2005/08/26 22:16:11 UTC

ACL with specific directory access

I'm trying to set up a Slide WebDAV system with ACL authentication where
each user only has access to a specific folder under FILES.  A
portion of the Domain.xml is below, but the idea is that there are two
users, each with their own role (user ADMIN has role ADMIN, and user GENERAL
has role GENERAL).  An admin can view everything in the general folder,
but can't modify it, and can modify everything in the admin folder.  The
general user can only view the contents of the general folder.
 
When I log on as ROOT, I can do everything that I'm supposed to, but
when I log on as either the ADMIN or GENERAL user, it lets me log
on to the system, but I can neither view the contents nor modify the directories.
 
I was hoping that someone might know why this would be the case?
 
Thank you,
Andy
 
<slide>
    <namespace name="document-repository">
        ...
        <data>
            <!-- Root node "/": every permission entry below is marked
                 inheritable="true". -->
            <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/">
                <!-- Every action is granted to subject /roles/root. -->
                <permission action="all" subject="/roles/root"
inheritable="true"/>
                <!-- The next three entries carry negative="true": read-acl,
                     write-acl and unlock are denied to subject "all".
                     NOTE(review): how Slide resolves the overlap between these
                     denials and the grant to /roles/root above is not shown in
                     this excerpt; confirm against the Slide ACL documentation. -->
                <permission action="/actions/read-acl" subject="all"
inheritable="true" negative="true"/>
                <permission action="/actions/write-acl" subject="all"
inheritable="true" negative="true"/>
                <permission action="/actions/unlock" subject="all"
inheritable="true" negative="true"/>
                <!-- NOTE(review): /actions/read is granted to subject "all" at
                     the root and is inheritable. That is wider than the
                     per-folder read access described in the post; confirm it is
                     intended before relying on the /files entries to restrict
                     reading. -->
                <permission action="/actions/read" subject="all"
inheritable="true"/>
 
                <!-- /users: one SubjectNode per account (docroot, admin, general) -->
                <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/users">
                    <!-- Grants every action to subject "self"; presumably this
                         lets each user act on its own node (confirm the meaning
                         of "self" for this Slide version). -->
                    <permission action="all" subject="self"
inheritable="true"/>
                    <!-- NOTE(review): the password properties in this section are
                         stored in clear text and were published with this post.
                         Treat them as disclosed: replace them before use and
                         limit file-system read access to Domain.xml.
                         NOTE(review): the root node grants /actions/read to
                         subject "all" with inheritable="true"; verify whether
                         that makes these password properties readable over
                         WebDAV. -->
                    <!-- docroot: listed as the member of /roles/root -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/users/docroot">
                        <revision>
                            <property
namespace="http://jakarta.apache.org/document-repository/"
name="password">docpass</property>
                        </revision>
                    </objectnode>
                    <!-- authenticated users: admin and general -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/users/admin">
                        <revision>
                            <property
namespace="http://jakarta.apache.org/document-repository/"
name="password">admin123</property>
                        </revision>
                    </objectnode>
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/users/general">
                        <revision>
                            <property
namespace="http://jakarta.apache.org/document-repository/"
name="password">general23</property>
                        </revision>
                    </objectnode>
                </objectnode>
 
                <!-- /roles: each role node lists its members in a
                     group-member-set property, as DAV:href elements wrapped in
                     CDATA. -->
                <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/roles">
                    <!-- Grants every action to subject "self" (confirm the
                         meaning of "self" on role nodes). -->
                    <permission action="all" subject="self"
inheritable="true"/>
                    <!-- /roles/root: single member /users/docroot -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/roles/root">
                        <revision>
                            <property
name="group-member-set"><![CDATA[<D:href
xmlns:D='DAV:'>/users/docroot</D:href>]]></property>
                        </revision>
                    </objectnode>
                    <!-- /roles/admin: single member /users/admin -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/roles/admin">
                        <revision>
                            <property
name="group-member-set"><![CDATA[<D:href
xmlns:D='DAV:'>/users/admin</D:href>]]></property>
                        </revision>
                    </objectnode>
                    <!-- /roles/general: members /users/admin and /users/general.
                         NOTE(review): because /users/admin is a member here, any
                         grant made to /roles/general also reaches the admin user.
                         /files/General grants action "all" to /roles/general,
                         which conflicts with the stated intent that an admin can
                         view but not modify the general folder. -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/roles/general">
                        <revision>
                            <property
name="group-member-set"><![CDATA[<D:href
xmlns:D='DAV:'>/users/admin</D:href><D:href
xmlns:D='DAV:'>/users/general</D:href>]]></property>
                        </revision>
                    </objectnode>
                </objectnode>
                ...
                <!-- /files: parent of the per-role folders -->
                <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files">
                    <!-- Read is granted to /roles/admin and read-acl to subject
                         "all". The root node denies read-acl to "all" with
                         negative="true"; NOTE(review): confirm which of the two
                         entries takes effect under /files. -->
                    <permission action="/actions/read"
subject="/roles/admin" inheritable="true"/>
                    <permission action="/actions/read-acl" subject="all"
inheritable="true"/>
                    <!-- /files/Admin: every action granted to /roles/admin -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files/Admin">
                        <permission action="all" subject="/roles/admin"
inheritable="true"/>
                        <permission action="/actions/read-acl"
subject="all" inheritable="true"/>
                    </objectnode>
                    <!-- /files/General: every action granted to /roles/general.
                         NOTE(review): the post says the general user should only
                         view this folder and the admin should not modify it, yet
                         action="all" is granted to a role that contains both
                         users. A grant limited to /actions/read would match the
                         stated intent; confirm before changing. -->
                    <objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files/General">
                        <permission action="all"
subject="/roles/general" inheritable="true"/>
                        <permission action="/actions/read-acl"
subject="all" inheritable="true"/>
                    </objectnode>
                </objectnode>
                ...
 
            </objectnode>
        </data>
    </namespace>
    ...
</slide>