You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lenya.apache.org by Thorsten Scherler <th...@wyona.com> on 2006/08/22 17:45:29 UTC

[Discuss] Merge ac-restricted branch with trunk (was Re: svn commit: r433646)

El mar, 22-08-2006 a las 14:43 +0000, thorsten@apache.org escribió:
> Author: thorsten
> Date: Tue Aug 22 07:43:06 2006
> New Revision: 433646
> 
> URL: http://svn.apache.org/viewvc?rev=433646&view=rev
...
> Only one feature is missing (moving the credentials up and down) but I do not consider
> it as a blocker for a merge with trunk.

Hi all,

besides one feature 
* change credential order (move up/down)
the ac seems to be stable (I did not say without bugs). ;)

Please test the branch, that we can merge it back to the trunk. Feel
free to send patches/implement the last feature.

salu2
-- 
Thorsten Scherler
COO Spain
Wyona Inc.  -  Open Source Content Management  -  Apache Lenya
http://www.wyona.com                   http://lenya.apache.org
thorsten.scherler@wyona.com                thorsten@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [Discuss] Merge ac-restricted branch with trunk (was Re: svn commit: r433646)

Posted by Thorsten Scherler <th...@wyona.com>.

El mar, 22-08-2006 a las 17:45 +0200, Thorsten Scherler escribió:
> El mar, 22-08-2006 a las 14:43 +0000, thorsten@apache.org escribió:
> > Author: thorsten
> > Date: Tue Aug 22 07:43:06 2006
> > New Revision: 433646
> > 
> > URL: http://svn.apache.org/viewvc?rev=433646&view=rev
> ...
> > Only one feature is missing (moving the credentials up and down) but I do not consider
> > it as a blocker for a merge with trunk.
> 
> Hi all,
> 
> besides one feature 
> * change credential order (move up/down)
> the ac seems to be stable (I did not say without bugs). ;)

BTW the feature will have to change the order of the accreditable in the
*.acml file.

Like:
<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
 
   <group id="editor">
    <role id="edit" method="deny"/>
   </group>
 
   <group id="admin">
    <role id="admin" method="grant"/>
   </group>
 
 </policy> 

Will lock out *all* editor members, meaning an user that is in both
roles (like e.g. our default user: lenya) will be locked out as well.
That is because the first matched credential (lenya is an editor) will
be returned (ignoring all others) and this matches DENY.

Now changing it to
<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
 
   <group id="admin">
    <role id="admin" method="grant"/>
   </group>

   <group id="editor">
    <role id="edit" method="deny"/>
   </group>
 
 </policy> 

Will allow lenya to enter again to the site since the first credential
is granted.

The nicest way to implement the ordering with a gui would be with an
ajax form, since moving a credential up the tree will need a rewrite of
the above file. 

When we use ajax one can move the credentials up and down, meanwhile the
policy will be rewritten (using ajax calls). 

...or we could implement the rewrite after submitting the form (which
contains the danger that one forget to submit, but may be easier to
implement).

The method should look something like
...., LinkedHashSet newOrder){

HashMap orderedCredential = new LinkedHashMap();
Credential[] returnCredential = new Credential [newOrder.size()];
int y = 0;
for (int i = orderedCredential.size(); i > 0; i--) {
  returnCredential[y]=(Credential)
orderedCredential.get(String.valueOf(i));
                 y++;
             }

Trying to say that one would need to use LinkedHash* to keep the order
(most important).

> 
> Please test the branch, that we can merge it back to the trunk. Feel
> free to send patches/implement the last feature.

Happy testing/implementing. ;)

salu2

/me having a couple of days off now to move into my new home. :)
-- 
Thorsten Scherler
COO Spain
Wyona Inc.  -  Open Source Content Management  -  Apache Lenya
http://www.wyona.com                   http://lenya.apache.org
thorsten.scherler@wyona.com                thorsten@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org