Hi,
I recently posted a
bug in the bugtracker stating that NodeManager.getList is broken when you
implement a custom authorization implementation that does not override
Authorization.check(UserContext, Query, Operation). I cannot seem to reach www.mmbase.org at the moment, so I can not
provide the bug number, but it was posted the day before
yesterday.
I wondered if anyone
could provide me with a temporary solution for this problem. I'll repeat the
problem here.
The following code
does not work for me:
NodeList
allNodesList = cloud.getNodeManager("object").getList(null, null,
null);
It returns no nodes
at all. The reason is the following:
- in
BasicNodeManager.getList(String, String, String) a NodeQuery is
created
- in
BasicNodeManager.getList(NodeQuery) an attempt is made to set a security
constraint on this query
- my authorization
implementation relies on the default method Authorization.check(UserContext,
Query, Operation), which returns Authorization.NO_CHECK
- this means all
nodes will be checked for read access by the current user one by one later
on
- all nodes inside
MMBase are returned by executing the query (which is
correct)
- these nodes all
have values without a prepended builder name (i.e.: 'number' instead of
'object.number')
- inside
BasicCloud.checkNodes all nodes are tested for readability
- however, the node
numbers for all these nodes are retrieved by asking for a field named
'object.number'
int nodenr =
node.getIntValue(((Step)steps.get(j)).getTableName() +
".number");
- the nodes that
were returned do not have these fields, since they only have fields named
'number', not 'object.number'
So the question is
whether it is possible to check inside BasicCloud.checkNodes whether the nodes
contained in the list are primitive nodes or cluster nodes. The retrieval of the
number fields could then be either by the 'number' field or by the
<builderName>.number field.
Thanks for any
answers,
Ronald
Wildenberg.
-----------------------Disclaimer-------------------------
Dit bericht (met bijlagen) is met grote zorgvuldigheid samengesteld. Voor mogelijke onjuistheid en/of onvolledigheid van de hierin verstrekte informatie kan Kennisnet geen aansprakelijkheid aanvaarden, evenmin kunnen aan de inhoud van dit bericht (met bijlagen) rechten worden ontleend. De inhoud van dit bericht (met bijlagen) kan vertrouwelijke informatie bevatten en is uitsluitend bestemd voor de geadresseerde van dit bericht. Indien u niet de beoogde ontvanger van dit bericht bent, verzoekt Kennisnet u dit bericht te verwijderen, eventuele bijlagen niet te openen en wijst Kennisnet u op de onrechtmatigheid van het gebruiken, kopiëren of verspreiden van de inhoud van dit bericht (met bijlagen).
This message (with attachments) is given in good faith. Kennisnet cannot assume any responsibility for the accuracy or reliability of the information contained in this message (with attachments), nor shall the information be construed as constituting any obligation on the part of Kennisnet. The information contained in this message (with attachments) may be confidential or privileged and is only intended for the use of the named addressee. If you are not the intended recipient, you are requested by Kennisnet to delete this message (with attachments) without opening it and you are notified by Kennisnet that any disclosure, copying or distribution of the information contained in this message (with attachments) is strictly prohibited and unlawful.
----------------------------------------------------------
