Hi Fedora users!

Suppose you want to write an object-oriented policy denying purging of 
the object, its datastreams and disseminators to anyone except 
administrators. You also want to allow certain groups to access the object.

Let's suppose we use the first-applicable algorithm for determining the 
outcome of the policy.
The target for the policy is simple: it points to the object in question.
Then we make 3 rules. First rule denies the purging of anything in the 
object (three <Action> elements OR-ed, one for each type of purging) to 
anyone that's not an administrator. Second rule denies access to the 
object to anyone that's not desirable and last rule permits access as a 
fallback rule.

Well, the accessing part seems to work. People who are supposed to have 
access have it, and those who aren't don't. But the purging part somehow 
doesn't work. As long as you have access to the object, you can purge to 
your heart's content.

This made me wonder if there's any bug being tracked for this, as some 
of the default repository policies that come with Fedora (namely 
deny-purge-datastream-if-active-or-inactive and 
deny-purge-object-if-active-or-inactive) seem to fail too. Even with 
users that aren't administrators, it is possible to purge datastreams 
that are active as long as you have access to an object.

So is there anyone experiencing the same problems, or better yet, using 
another method to get this done?

Sincerely yours,
Tiago Cunha
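
Added example, not part of the original post and not Fedora's own code: a minimal Python model of first-applicable rule combining over the three rules described above. It shows the decision the policy should return and how the fallback permit ends up deciding a purge request whenever the first rule does not match. The action names, role names and the `make_policy`/`evaluate` helpers are constructed placeholders, not Fedora's XACML identifiers.

```python
# Added illustration: minimal model of XACML "first-applicable" rule combining.
# Action and role names are constructed placeholders, not Fedora identifiers.

PURGE_ACTIONS = {"purgeObject", "purgeDatastream", "purgeDisseminator"}
ALLOWED_GROUPS = {"administrator", "curators"}  # assumed "desirable" groups


def make_policy(purge_action_ids, allowed_groups):
    """Return the three rules from the post as (name, effect, applies) triples."""
    return [
        # Rule 1: deny any purge action to non-administrators.
        ("deny-purge-non-admin", "Deny",
         lambda r: r["action"] in purge_action_ids
         and "administrator" not in r["roles"]),
        # Rule 2: deny everything to subjects outside the allowed groups.
        ("deny-undesirable", "Deny",
         lambda r: not (set(r["roles"]) & allowed_groups)),
        # Rule 3: fallback permit.
        ("permit-fallback", "Permit", lambda r: True),
    ]


def evaluate(policy, request):
    """first-applicable: the first rule that matches the request decides."""
    for name, effect, applies in policy:
        if applies(request):
            return effect, name
    return "NotApplicable", None


def demo():
    """Evaluate constructed requests against a matching and a mismatched rule 1."""
    good = make_policy(PURGE_ACTIONS, ALLOWED_GROUPS)
    # Same policy, but rule 1 names an action id the request never carries.
    mismatched = make_policy({"purge-datastream"}, ALLOWED_GROUPS)
    member_purge = {"action": "purgeDatastream", "roles": ["curators"]}
    return {
        "expected": evaluate(good, member_purge),
        "rule1_never_matches": evaluate(mismatched, member_purge),
        "admin_purge": evaluate(
            good, {"action": "purgeObject", "roles": ["administrator"]}),
        "outsider_view": evaluate(
            good, {"action": "viewObject", "roles": ["guests"]}),
    }


if __name__ == "__main__":
    for case, (decision, rule) in demo().items():
        print(f"{case:22} -> {decision:6} (decided by {rule})")
```

Recording which rule produced the decision, as `evaluate` does here, is the check that separates a first rule that is skipped from one that matches but is overridden elsewhere.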

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
