Re: My "dirty" solution to set non-inheritable privileges using webdav client
namespace="http://jakarta.apache.org/slide/"; name="password"> classname="org.apache.slide.structure.SubjectNode" uri="/roles"> inheritable="true"/> inheritable="true" negative="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/root"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/user"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/guest"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/student"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/teacher"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/parent"/> classname="org.apache.slide.structure.ActionNode" uri="/actions"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock"> classname="org.apache.slide.structure.SubjectNode" uri="/files"> inheritable="true"/> subject="owner" inheritable="true"/> subject="/roles/teacher" inheritable="false"/> subject="/roles/student" inheritable="false"/> classname="org.apache.slide.structure.SubjectNode" uri="/history"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workspace"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workingresource"> inheritable="true"/>
Re: My "dirty" solution to set non-inheritable privileges using webdav client
quot;org.apache.slide.structure.SubjectNode" uri="/roles"> inheritable="true"/> inheritable="true" negative="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/root"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/user"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/guest"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/student"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/teacher"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/parent"/> classname="org.apache.slide.structure.ActionNode" uri="/actions"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock"> classname="org.apache.slide.structure.SubjectNode" uri="/files"> inheritable="true"/> subject="owner" inheritable="true"/> subject="/roles/teacher" inheritable="false"/> subject="/roles/student" inheritable="false"/> classname="org.apache.slide.structure.SubjectNode" uri="/history"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workspace"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workingresource"> inheritable="true"/> /history /workspace /workingresource checkout-checkin false forbidden forbidden - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide
Re: My "dirty" solution to set non-inheritable privileges using webdav client
quot;group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/student"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/teacher"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/parent"/> classname="org.apache.slide.structure.ActionNode" uri="/actions"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock"> classname="org.apache.slide.structure.SubjectNode" uri="/files"> inheritable="true"/> inheritable="true"/> subject="/roles/teacher" inheritable="false"/> subject="/roles/student" inheritable="false"/> classname="org.apache.slide.structure.SubjectNode" uri="/history"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workspace"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workingresource"> inheritable="true"/> /history /workspace /workingresource checkout-checkin false forbidden forbidden - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" Sent: Monday, July 25, 2005 11:24 AM Subject: Re: My "dirty" solution to set non-inheritable privileges using webdav client Hello, It does not work for me, even with the read permission on /files (and on the full path). I wonder if Slide manages non inheritable permissions even with the acl_inheritance_type parameter ? Thomas Maximo Gurmendez wrote: I've tried something similar, and worked well through the domain.xml, however I need to add this privilege without restarting the application (through webdav). I recall I had a similar problem on a folder, say, /files/afolder and the problem was that it needed to have /files read permission (not inherited) Regards, Maximo - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" Sent: Monday, July 25, 2005 7:35 A
Re: My "dirty" solution to set non-inheritable privileges using webdav client
Hello, It does not work for me, even with the read permission on /files (and on the full path). I wonder if Slide manages non inheritable permissions even with the acl_inheritance_type parameter ? Thomas Maximo Gurmendez wrote: I've tried something similar, and worked well through the domain.xml, however I need to add this privilege without restarting the application (through webdav). I recall I had a similar problem on a folder, say, /files/afolder and the problem was that it needed to have /files read permission (not inherited) Regards, Maximo - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" Sent: Monday, July 25, 2005 7:35 AM Subject: Re: My "dirty" solution to set non-inheritable privileges using webdav client Hello, It does not seem to work either. I have the same problem. When I put the following permission on a resource : inheritable="true" negative="false" /> The user "bourges" can write but if I change the inheritable="true" into "false" it does not work anymore. I have tried many configurations in my Domain.xml for the acl_inheritance_type parameter. Any idea ? Thanks. Thomas Miguel Figueiredo wrote: Good morning, Have you checked the following parameter? [path|0|1|...] It’s configurable in the Domain.xml Hope this helps, Miguel Figueiredo -Original Message- From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 25 de Julho de 2005 5:20 To: Slide Users Mailing List Subject: My "dirty" solution to set non-inheritable privileges using webdav client I've modified the createNodePermissionList method from org.apache.slide.webdav.method.AclMethod class as pasted below. For doing this I send through webdav a new privilege "read-noninheritable" or "write-noninheritable", and it works fine. Example, for client: Ace a = new Ace("/users/auser"); a.setInherited(false); a.addPrivilege(new Privilege("ECADEMICUS:","read-noninherited","inherit")); a.setProtected(false); a.setNegative(false); Ace[] aces = new Ace[1]; aces[0]=a; boolean ok = res.aclMethod("/files/afolder",aces); Maybe it is not the best, but it was suggested as a posibility. Maybe someone knows of a better way. Many thanks, Máximo Ing. Máximo Gurméndez IT Applications Integrator The British Schools, Montevideo Máximo Tajes 6400 Tel. 6003421 int. 136 email: [EMAIL PROTECTED] private List createNodePermissionList( Element aceElm ) throws PreconditionViolationException, SlideException, JDOMException { List result = new ArrayList(); String objectUri = resourcePath; String subjectUri = null; String actionUri = null; boolean negative = false; boolean invert = false; // ACE principal Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP); if (principalElm == null) { Element invertElm = aceElm.getChild(E_INVERT, DNSP); if (invertElm != null) { invert = true; principalElm = invertElm.getChild(E_PRINCIPAL, DNSP); } } if (principalElm != null) { subjectUri = createSubjectUri(principalElm); } else { throw new PreconditionViolationException( new ViolatedPrecondition("missing-ace-principal", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } // ACE grant and deny Element grantDenyElm = null; Element grantElm = aceElm.getChild(E_GRANT, DNSP); Element denyElm = aceElm.getChild(E_DENY, DNSP); if (grantElm != null && denyElm == null) { grantDenyElm = grantElm; } else if (grantElm == null && denyElm != null) { negative = true; grantDenyElm = denyElm; } else if(grantElm != null && denyElm != null) { throw new PreconditionViolationException( new ViolatedPrecondition("only-grant-or-deny-allowed", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } else if(grantElm == null && denyElm == null) { throw new PreconditionViolationException( new ViolatedPrecondition("missing-grant-or-deny", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE, DNSP).iterator(); while (privilegeIt.hasNext()) { Element privilegeElm = (Element)privilegeIt.next(); actionUri =
Re: My "dirty" solution to set non-inheritable privileges using webdav client
I've tried something similar, and worked well through the domain.xml, however I need to add this privilege without restarting the application (through webdav). I recall I had a similar problem on a folder, say, /files/afolder and the problem was that it needed to have /files read permission (not inherited) Regards, Maximo - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" Sent: Monday, July 25, 2005 7:35 AM Subject: Re: My "dirty" solution to set non-inheritable privileges using webdav client Hello, It does not seem to work either. I have the same problem. When I put the following permission on a resource : inheritable="true" negative="false" /> The user "bourges" can write but if I change the inheritable="true" into "false" it does not work anymore. I have tried many configurations in my Domain.xml for the acl_inheritance_type parameter. Any idea ? Thanks. Thomas Miguel Figueiredo wrote: Good morning, Have you checked the following parameter? [path|0|1|...] It’s configurable in the Domain.xml Hope this helps, Miguel Figueiredo -Original Message- From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 25 de Julho de 2005 5:20 To: Slide Users Mailing List Subject: My "dirty" solution to set non-inheritable privileges using webdav client I've modified the createNodePermissionList method from org.apache.slide.webdav.method.AclMethod class as pasted below. For doing this I send through webdav a new privilege "read-noninheritable" or "write-noninheritable", and it works fine. Example, for client: Ace a = new Ace("/users/auser"); a.setInherited(false); a.addPrivilege(new Privilege("ECADEMICUS:","read-noninherited","inherit")); a.setProtected(false); a.setNegative(false); Ace[] aces = new Ace[1]; aces[0]=a; boolean ok = res.aclMethod("/files/afolder",aces); Maybe it is not the best, but it was suggested as a posibility. Maybe someone knows of a better way. Many thanks, Máximo Ing. Máximo Gurméndez IT Applications Integrator The British Schools, Montevideo Máximo Tajes 6400 Tel. 6003421 int. 136 email: [EMAIL PROTECTED] private List createNodePermissionList( Element aceElm ) throws PreconditionViolationException, SlideException, JDOMException { List result = new ArrayList(); String objectUri = resourcePath; String subjectUri = null; String actionUri = null; boolean negative = false; boolean invert = false; // ACE principal Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP); if (principalElm == null) { Element invertElm = aceElm.getChild(E_INVERT, DNSP); if (invertElm != null) { invert = true; principalElm = invertElm.getChild(E_PRINCIPAL, DNSP); } } if (principalElm != null) { subjectUri = createSubjectUri(principalElm); } else { throw new PreconditionViolationException( new ViolatedPrecondition("missing-ace-principal", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } // ACE grant and deny Element grantDenyElm = null; Element grantElm = aceElm.getChild(E_GRANT, DNSP); Element denyElm = aceElm.getChild(E_DENY, DNSP); if (grantElm != null && denyElm == null) { grantDenyElm = grantElm; } else if (grantElm == null && denyElm != null) { negative = true; grantDenyElm = denyElm; } else if(grantElm != null && denyElm != null) { throw new PreconditionViolationException( new ViolatedPrecondition("only-grant-or-deny-allowed", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } else if(grantElm == null && denyElm == null) { throw new PreconditionViolationException( new ViolatedPrecondition("missing-grant-or-deny", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE, DNSP).iterator(); while (privilegeIt.hasNext()) { Element privilegeElm = (Element)privilegeIt.next(); actionUri = createActionUri(privilegeElm); if (actionUri == null) { throw new PreconditionViolationException( new ViolatedPrecondition("not-supported-privilege", WebdavStatus.SC_BAD_REQUEST), resourcePath );
Re: My "dirty" solution to set non-inheritable privileges using webdav client
Hello, It does not seem to work either. I have the same problem. When I put the following permission on a resource : inheritable="true" negative="false" /> The user "bourges" can write but if I change the inheritable="true" into "false" it does not work anymore. I have tried many configurations in my Domain.xml for the acl_inheritance_type parameter. Any idea ? Thanks. Thomas Miguel Figueiredo wrote: Good morning, Have you checked the following parameter? [path|0|1|...] It’s configurable in the Domain.xml Hope this helps, Miguel Figueiredo -Original Message- From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 25 de Julho de 2005 5:20 To: Slide Users Mailing List Subject: My "dirty" solution to set non-inheritable privileges using webdav client I've modified the createNodePermissionList method from org.apache.slide.webdav.method.AclMethod class as pasted below. For doing this I send through webdav a new privilege "read-noninheritable" or "write-noninheritable", and it works fine. Example, for client: Ace a = new Ace("/users/auser"); a.setInherited(false); a.addPrivilege(new Privilege("ECADEMICUS:","read-noninherited","inherit")); a.setProtected(false); a.setNegative(false); Ace[] aces = new Ace[1]; aces[0]=a; boolean ok = res.aclMethod("/files/afolder",aces); Maybe it is not the best, but it was suggested as a posibility. Maybe someone knows of a better way. Many thanks, Máximo Ing. Máximo Gurméndez IT Applications Integrator The British Schools, Montevideo Máximo Tajes 6400 Tel. 6003421 int. 136 email: [EMAIL PROTECTED] private List createNodePermissionList( Element aceElm ) throws PreconditionViolationException, SlideException, JDOMException { List result = new ArrayList(); String objectUri = resourcePath; String subjectUri = null; String actionUri = null; boolean negative = false; boolean invert = false; // ACE principal Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP); if (principalElm == null) { Element invertElm = aceElm.getChild(E_INVERT, DNSP); if (invertElm != null) { invert = true; principalElm = invertElm.getChild(E_PRINCIPAL, DNSP); } } if (principalElm != null) { subjectUri = createSubjectUri(principalElm); } else { throw new PreconditionViolationException( new ViolatedPrecondition("missing-ace-principal", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } // ACE grant and deny Element grantDenyElm = null; Element grantElm = aceElm.getChild(E_GRANT, DNSP); Element denyElm = aceElm.getChild(E_DENY, DNSP); if (grantElm != null && denyElm == null) { grantDenyElm = grantElm; } else if (grantElm == null && denyElm != null) { negative = true; grantDenyElm = denyElm; } else if(grantElm != null && denyElm != null) { throw new PreconditionViolationException( new ViolatedPrecondition("only-grant-or-deny-allowed", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } else if(grantElm == null && denyElm == null) { throw new PreconditionViolationException( new ViolatedPrecondition("missing-grant-or-deny", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE, DNSP).iterator(); while (privilegeIt.hasNext()) { Element privilegeElm = (Element)privilegeIt.next(); actionUri = createActionUri(privilegeElm); if (actionUri == null) { throw new PreconditionViolationException( new ViolatedPrecondition("not-supported-privilege", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } else { //begin add ecademicus boolean inherit=true; if (actionUri.endsWith("-noninherited")) { inherit=false; actionUri=actionUri.replaceAll("-noninherited",""); } //end add ecademicus //NodePermission np = new NodePermission(objectUri, subjectUri, actionUri, true, negative); // mod ecademicus NodePermission np = new NodePermission(objectUri, subjectUri, actionUri, inherit, negative); np.setInvert(invert); result.add(np); } } return result; } -- +---=(
RE: My "dirty" solution to set non-inheritable privileges using webdav client
Good morning, Have you checked the following parameter? [path|0|1|...] Its configurable in the Domain.xml Hope this helps, Miguel Figueiredo -Original Message- From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 25 de Julho de 2005 5:20 To: Slide Users Mailing List Subject: My "dirty" solution to set non-inheritable privileges using webdav client I've modified the createNodePermissionList method from org.apache.slide.webdav.method.AclMethod class as pasted below. For doing this I send through webdav a new privilege "read-noninheritable" or "write-noninheritable", and it works fine. Example, for client: Ace a = new Ace("/users/auser"); a.setInherited(false); a.addPrivilege(new Privilege("ECADEMICUS:","read-noninherited","inherit")); a.setProtected(false); a.setNegative(false); Ace[] aces = new Ace[1]; aces[0]=a; boolean ok = res.aclMethod("/files/afolder",aces); Maybe it is not the best, but it was suggested as a posibility. Maybe someone knows of a better way. Many thanks, Máximo Ing. Máximo Gurméndez IT Applications Integrator The British Schools, Montevideo Máximo Tajes 6400 Tel. 6003421 int. 136 email: [EMAIL PROTECTED] private List createNodePermissionList( Element aceElm ) throws PreconditionViolationException, SlideException, JDOMException { List result = new ArrayList(); String objectUri = resourcePath; String subjectUri = null; String actionUri = null; boolean negative = false; boolean invert = false; // ACE principal Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP); if (principalElm == null) { Element invertElm = aceElm.getChild(E_INVERT, DNSP); if (invertElm != null) { invert = true; principalElm = invertElm.getChild(E_PRINCIPAL, DNSP); } } if (principalElm != null) { subjectUri = createSubjectUri(principalElm); } else { throw new PreconditionViolationException( new ViolatedPrecondition("missing-ace-principal", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } // ACE grant and deny Element grantDenyElm = null; Element grantElm = aceElm.getChild(E_GRANT, DNSP); Element denyElm = aceElm.getChild(E_DENY, DNSP); if (grantElm != null && denyElm == null) { grantDenyElm = grantElm; } else if (grantElm == null && denyElm != null) { negative = true; grantDenyElm = denyElm; } else if(grantElm != null && denyElm != null) { throw new PreconditionViolationException( new ViolatedPrecondition("only-grant-or-deny-allowed", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } else if(grantElm == null && denyElm == null) { throw new PreconditionViolationException( new ViolatedPrecondition("missing-grant-or-deny", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE, DNSP).iterator(); while (privilegeIt.hasNext()) { Element privilegeElm = (Element)privilegeIt.next(); actionUri = createActionUri(privilegeElm); if (actionUri == null) { throw new PreconditionViolationException( new ViolatedPrecondition("not-supported-privilege", WebdavStatus.SC_BAD_REQUEST), resourcePath ); } else { //begin add ecademicus boolean inherit=true; if (actionUri.endsWith("-noninherited")) { inherit=false; actionUri=actionUri.replaceAll("-noninherited",""); } //end add ecademicus //NodePermission np = new NodePermission(objectUri, subjectUri, actionUri, true, negative); // mod ecademicus NodePermission np = new NodePermission(objectUri, subjectUri, actionUri, inherit, negative); np.setInvert(invert); result.add(np); } } return result; }