Re: My "dirty" solution to set non-inheritable privileges using webdav client
namespace="http://jakarta.apache.org/slide/"; name="password">
classname="org.apache.slide.structure.SubjectNode" uri="/roles">
inheritable="true"/>
inheritable="true" negative="true"/>
classname="org.apache.slide.structure.SubjectNode" uri="/roles/root">
name="group-member-set">
classname="org.apache.slide.structure.SubjectNode" uri="/roles/user">
name="group-member-set">
classname="org.apache.slide.structure.SubjectNode" uri="/roles/guest">
name="group-member-set">
classname="org.apache.slide.structure.SubjectNode"
uri="/roles/student"/>
classname="org.apache.slide.structure.SubjectNode"
uri="/roles/teacher"/>
classname="org.apache.slide.structure.SubjectNode" uri="/roles/parent"/>
classname="org.apache.slide.structure.ActionNode" uri="/actions">
classname="org.apache.slide.structure.ActionNode" uri="/actions/read">
name="privilege-member-set">
classname="org.apache.slide.structure.ActionNode"
uri="/actions/read-acl">
classname="org.apache.slide.structure.ActionNode"
uri="/actions/read-current-user-privilege-set">
classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
name="privilege-member-set">
classname="org.apache.slide.structure.ActionNode"
uri="/actions/write-acl">
classname="org.apache.slide.structure.ActionNode"
uri="/actions/write-properties">
classname="org.apache.slide.structure.ActionNode"
uri="/actions/write-content">
name="privilege-member-set">
classname="org.apache.slide.structure.ActionNode" uri="/actions/bind">
classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind">
classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock">
classname="org.apache.slide.structure.SubjectNode" uri="/files">
inheritable="true"/>
subject="owner" inheritable="true"/>
subject="/roles/teacher" inheritable="false"/>
subject="/roles/student" inheritable="false"/>
classname="org.apache.slide.structure.SubjectNode" uri="/history">
inheritable="true"/>
classname="org.apache.slide.structure.SubjectNode" uri="/workspace">
inheritable="true"/>
classname="org.apache.slide.structure.SubjectNode"
uri="/workingresource">
inheritable="true"/>
Re: My "dirty" solution to set non-inheritable privileges using webdav client
quot;org.apache.slide.structure.SubjectNode" uri="/roles"> inheritable="true"/> inheritable="true" negative="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/root"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/user"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/guest"> name="group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/student"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/teacher"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/parent"/> classname="org.apache.slide.structure.ActionNode" uri="/actions"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock"> classname="org.apache.slide.structure.SubjectNode" uri="/files"> inheritable="true"/> subject="owner" inheritable="true"/> subject="/roles/teacher" inheritable="false"/> subject="/roles/student" inheritable="false"/> classname="org.apache.slide.structure.SubjectNode" uri="/history"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workspace"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workingresource"> inheritable="true"/> /history /workspace /workingresource checkout-checkin false forbidden forbidden - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide
Re: My "dirty" solution to set non-inheritable privileges using webdav client
quot;group-member-set"> classname="org.apache.slide.structure.SubjectNode" uri="/roles/student"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/teacher"/> classname="org.apache.slide.structure.SubjectNode" uri="/roles/parent"/> classname="org.apache.slide.structure.ActionNode" uri="/actions"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties"> classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content"> name="privilege-member-set"> classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind"> classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock"> classname="org.apache.slide.structure.SubjectNode" uri="/files"> inheritable="true"/> inheritable="true"/> subject="/roles/teacher" inheritable="false"/> subject="/roles/student" inheritable="false"/> classname="org.apache.slide.structure.SubjectNode" uri="/history"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workspace"> inheritable="true"/> classname="org.apache.slide.structure.SubjectNode" uri="/workingresource"> inheritable="true"/> /history /workspace /workingresource checkout-checkin false forbidden forbidden - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" Sent: Monday, July 25, 2005 11:24 AM Subject: Re: My "dirty" solution to set non-inheritable privileges using webdav client Hello, It does not work for me, even with the read permission on /files (and on the full path). I wonder if Slide manages non inheritable permissions even with the acl_inheritance_type parameter ? Thomas Maximo Gurmendez wrote: I've tried something similar, and worked well through the domain.xml, however I need to add this privilege without restarting the application (through webdav). I recall I had a similar problem on a folder, say, /files/afolder and the problem was that it needed to have /files read permission (not inherited) Regards, Maximo - Original Message - From: "Thomas Bellembois" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" Sent: Monday, July 25, 2005 7:35 A
Re: My "dirty" solution to set non-inheritable privileges using webdav client
Hello,
It does not work for me, even with the read permission on /files (and on
the full path).
I wonder if Slide manages non inheritable permissions even with the
acl_inheritance_type parameter ?
Thomas
Maximo Gurmendez wrote:
I've tried something similar, and worked well through the domain.xml,
however I need to add this privilege without restarting the
application (through webdav).
I recall I had a similar problem on a folder, say, /files/afolder and
the problem was that it needed to have /files read permission (not
inherited)
Regards,
Maximo
- Original Message - From: "Thomas Bellembois"
<[EMAIL PROTECTED]>
To: "Slide Users Mailing List"
Sent: Monday, July 25, 2005 7:35 AM
Subject: Re: My "dirty" solution to set non-inheritable privileges
using webdav client
Hello,
It does not seem to work either.
I have the same problem.
When I put the following permission on a resource :
inheritable="true" negative="false" />
The user "bourges" can write but if I change the inheritable="true"
into "false" it does not work anymore.
I have tried many configurations in my Domain.xml for the
acl_inheritance_type parameter.
Any idea ?
Thanks.
Thomas
Miguel Figueiredo wrote:
Good morning,
Have you checked the following parameter?
[path|0|1|...]
It’s configurable in the Domain.xml
Hope this helps,
Miguel Figueiredo
-Original Message-
From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent:
segunda-feira, 25 de Julho de 2005 5:20
To: Slide Users Mailing List
Subject: My "dirty" solution to set non-inheritable privileges using
webdav
client
I've modified the createNodePermissionList method from
org.apache.slide.webdav.method.AclMethod class as pasted below.
For doing this I send through webdav a new privilege
"read-noninheritable"
or "write-noninheritable", and it works fine.
Example, for client:
Ace a = new Ace("/users/auser");
a.setInherited(false);
a.addPrivilege(new
Privilege("ECADEMICUS:","read-noninherited","inherit"));
a.setProtected(false);
a.setNegative(false);
Ace[] aces = new Ace[1];
aces[0]=a;
boolean ok = res.aclMethod("/files/afolder",aces);
Maybe it is not the best, but it was suggested as a posibility. Maybe
someone knows of a better way.
Many thanks,
Máximo
Ing. Máximo Gurméndez
IT Applications Integrator
The British Schools, Montevideo
Máximo Tajes 6400
Tel. 6003421 int. 136
email: [EMAIL PROTECTED]
private List createNodePermissionList( Element aceElm ) throws
PreconditionViolationException, SlideException, JDOMException {
List result = new ArrayList();
String objectUri = resourcePath;
String subjectUri = null;
String actionUri = null;
boolean negative = false;
boolean invert = false;
// ACE principal
Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP);
if (principalElm == null) {
Element invertElm = aceElm.getChild(E_INVERT, DNSP);
if (invertElm != null) {
invert = true;
principalElm = invertElm.getChild(E_PRINCIPAL, DNSP);
}
}
if (principalElm != null) {
subjectUri = createSubjectUri(principalElm);
}
else {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-ace-principal",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
// ACE grant and deny
Element grantDenyElm = null;
Element grantElm = aceElm.getChild(E_GRANT, DNSP);
Element denyElm = aceElm.getChild(E_DENY, DNSP);
if (grantElm != null && denyElm == null) {
grantDenyElm = grantElm;
}
else if (grantElm == null && denyElm != null) {
negative = true;
grantDenyElm = denyElm;
}
else if(grantElm != null && denyElm != null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("only-grant-or-deny-allowed",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
else if(grantElm == null && denyElm == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-grant-or-deny",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE,
DNSP).iterator();
while (privilegeIt.hasNext()) {
Element privilegeElm = (Element)privilegeIt.next();
actionUri =
Re: My "dirty" solution to set non-inheritable privileges using webdav client
I've tried something similar, and worked well through the domain.xml,
however I need to add this privilege without restarting the application
(through webdav).
I recall I had a similar problem on a folder, say, /files/afolder and the
problem was that it needed to have /files read permission (not inherited)
Regards,
Maximo
- Original Message -
From: "Thomas Bellembois" <[EMAIL PROTECTED]>
To: "Slide Users Mailing List"
Sent: Monday, July 25, 2005 7:35 AM
Subject: Re: My "dirty" solution to set non-inheritable privileges using
webdav client
Hello,
It does not seem to work either.
I have the same problem.
When I put the following permission on a resource :
inheritable="true" negative="false" />
The user "bourges" can write but if I change the inheritable="true" into
"false" it does not work anymore.
I have tried many configurations in my Domain.xml for the
acl_inheritance_type parameter.
Any idea ?
Thanks.
Thomas
Miguel Figueiredo wrote:
Good morning,
Have you checked the following parameter?
[path|0|1|...]
It’s configurable in the Domain.xml
Hope this helps,
Miguel Figueiredo
-Original Message-
From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent:
segunda-feira, 25 de Julho de 2005 5:20
To: Slide Users Mailing List
Subject: My "dirty" solution to set non-inheritable privileges using
webdav
client
I've modified the createNodePermissionList method from
org.apache.slide.webdav.method.AclMethod class as pasted below.
For doing this I send through webdav a new privilege "read-noninheritable"
or "write-noninheritable", and it works fine.
Example, for client:
Ace a = new Ace("/users/auser");
a.setInherited(false);
a.addPrivilege(new
Privilege("ECADEMICUS:","read-noninherited","inherit"));
a.setProtected(false);
a.setNegative(false);
Ace[] aces = new Ace[1];
aces[0]=a;
boolean ok = res.aclMethod("/files/afolder",aces);
Maybe it is not the best, but it was suggested as a posibility. Maybe
someone knows of a better way.
Many thanks,
Máximo
Ing. Máximo Gurméndez
IT Applications Integrator
The British Schools, Montevideo
Máximo Tajes 6400
Tel. 6003421 int. 136
email: [EMAIL PROTECTED]
private List createNodePermissionList( Element aceElm ) throws
PreconditionViolationException, SlideException, JDOMException {
List result = new ArrayList();
String objectUri = resourcePath;
String subjectUri = null;
String actionUri = null;
boolean negative = false;
boolean invert = false;
// ACE principal
Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP);
if (principalElm == null) {
Element invertElm = aceElm.getChild(E_INVERT, DNSP);
if (invertElm != null) {
invert = true;
principalElm = invertElm.getChild(E_PRINCIPAL, DNSP);
}
}
if (principalElm != null) {
subjectUri = createSubjectUri(principalElm);
}
else {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-ace-principal",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
// ACE grant and deny
Element grantDenyElm = null;
Element grantElm = aceElm.getChild(E_GRANT, DNSP);
Element denyElm = aceElm.getChild(E_DENY, DNSP);
if (grantElm != null && denyElm == null) {
grantDenyElm = grantElm;
}
else if (grantElm == null && denyElm != null) {
negative = true;
grantDenyElm = denyElm;
}
else if(grantElm != null && denyElm != null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("only-grant-or-deny-allowed",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
else if(grantElm == null && denyElm == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-grant-or-deny",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE,
DNSP).iterator();
while (privilegeIt.hasNext()) {
Element privilegeElm = (Element)privilegeIt.next();
actionUri = createActionUri(privilegeElm);
if (actionUri == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("not-supported-privilege",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
Re: My "dirty" solution to set non-inheritable privileges using webdav client
Hello,
It does not seem to work either.
I have the same problem.
When I put the following permission on a resource :
inheritable="true" negative="false" />
The user "bourges" can write but if I change the inheritable="true" into
"false" it does not work anymore.
I have tried many configurations in my Domain.xml for the
acl_inheritance_type parameter.
Any idea ?
Thanks.
Thomas
Miguel Figueiredo wrote:
Good morning,
Have you checked the following parameter?
[path|0|1|...]
It’s configurable in the Domain.xml
Hope this helps,
Miguel Figueiredo
-Original Message-
From: Maximo Gurmendez [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 25 de Julho de 2005 5:20
To: Slide Users Mailing List
Subject: My "dirty" solution to set non-inheritable privileges using webdav
client
I've modified the createNodePermissionList method from
org.apache.slide.webdav.method.AclMethod class as pasted below.
For doing this I send through webdav a new privilege "read-noninheritable"
or "write-noninheritable", and it works fine.
Example, for client:
Ace a = new Ace("/users/auser");
a.setInherited(false);
a.addPrivilege(new
Privilege("ECADEMICUS:","read-noninherited","inherit"));
a.setProtected(false);
a.setNegative(false);
Ace[] aces = new Ace[1];
aces[0]=a;
boolean ok = res.aclMethod("/files/afolder",aces);
Maybe it is not the best, but it was suggested as a posibility. Maybe
someone knows of a better way.
Many thanks,
Máximo
Ing. Máximo Gurméndez
IT Applications Integrator
The British Schools, Montevideo
Máximo Tajes 6400
Tel. 6003421 int. 136
email: [EMAIL PROTECTED]
private List createNodePermissionList( Element aceElm ) throws
PreconditionViolationException, SlideException, JDOMException {
List result = new ArrayList();
String objectUri = resourcePath;
String subjectUri = null;
String actionUri = null;
boolean negative = false;
boolean invert = false;
// ACE principal
Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP);
if (principalElm == null) {
Element invertElm = aceElm.getChild(E_INVERT, DNSP);
if (invertElm != null) {
invert = true;
principalElm = invertElm.getChild(E_PRINCIPAL, DNSP);
}
}
if (principalElm != null) {
subjectUri = createSubjectUri(principalElm);
}
else {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-ace-principal",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
// ACE grant and deny
Element grantDenyElm = null;
Element grantElm = aceElm.getChild(E_GRANT, DNSP);
Element denyElm = aceElm.getChild(E_DENY, DNSP);
if (grantElm != null && denyElm == null) {
grantDenyElm = grantElm;
}
else if (grantElm == null && denyElm != null) {
negative = true;
grantDenyElm = denyElm;
}
else if(grantElm != null && denyElm != null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("only-grant-or-deny-allowed",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
else if(grantElm == null && denyElm == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-grant-or-deny",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE,
DNSP).iterator();
while (privilegeIt.hasNext()) {
Element privilegeElm = (Element)privilegeIt.next();
actionUri = createActionUri(privilegeElm);
if (actionUri == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("not-supported-privilege",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
else {
//begin add ecademicus
boolean inherit=true;
if (actionUri.endsWith("-noninherited")) {
inherit=false;
actionUri=actionUri.replaceAll("-noninherited","");
}
//end add ecademicus
//NodePermission np = new NodePermission(objectUri,
subjectUri, actionUri, true, negative);
// mod ecademicus
NodePermission np = new NodePermission(objectUri,
subjectUri, actionUri, inherit, negative);
np.setInvert(invert);
result.add(np);
}
}
return result;
}
--
+---=(
RE: My "dirty" solution to set non-inheritable privileges using webdav client
Good morning,
Have you checked the following parameter?
[path|0|1|...]
Its configurable in the Domain.xml
Hope this helps,
Miguel Figueiredo
-Original Message-
From: Maximo Gurmendez [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 25 de Julho de 2005 5:20
To: Slide Users Mailing List
Subject: My "dirty" solution to set non-inheritable privileges using webdav
client
I've modified the createNodePermissionList method from
org.apache.slide.webdav.method.AclMethod class as pasted below.
For doing this I send through webdav a new privilege "read-noninheritable"
or "write-noninheritable", and it works fine.
Example, for client:
Ace a = new Ace("/users/auser");
a.setInherited(false);
a.addPrivilege(new
Privilege("ECADEMICUS:","read-noninherited","inherit"));
a.setProtected(false);
a.setNegative(false);
Ace[] aces = new Ace[1];
aces[0]=a;
boolean ok = res.aclMethod("/files/afolder",aces);
Maybe it is not the best, but it was suggested as a posibility. Maybe
someone knows of a better way.
Many thanks,
Máximo
Ing. Máximo Gurméndez
IT Applications Integrator
The British Schools, Montevideo
Máximo Tajes 6400
Tel. 6003421 int. 136
email: [EMAIL PROTECTED]
private List createNodePermissionList( Element aceElm ) throws
PreconditionViolationException, SlideException, JDOMException {
List result = new ArrayList();
String objectUri = resourcePath;
String subjectUri = null;
String actionUri = null;
boolean negative = false;
boolean invert = false;
// ACE principal
Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP);
if (principalElm == null) {
Element invertElm = aceElm.getChild(E_INVERT, DNSP);
if (invertElm != null) {
invert = true;
principalElm = invertElm.getChild(E_PRINCIPAL, DNSP);
}
}
if (principalElm != null) {
subjectUri = createSubjectUri(principalElm);
}
else {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-ace-principal",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
// ACE grant and deny
Element grantDenyElm = null;
Element grantElm = aceElm.getChild(E_GRANT, DNSP);
Element denyElm = aceElm.getChild(E_DENY, DNSP);
if (grantElm != null && denyElm == null) {
grantDenyElm = grantElm;
}
else if (grantElm == null && denyElm != null) {
negative = true;
grantDenyElm = denyElm;
}
else if(grantElm != null && denyElm != null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("only-grant-or-deny-allowed",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
else if(grantElm == null && denyElm == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("missing-grant-or-deny",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE,
DNSP).iterator();
while (privilegeIt.hasNext()) {
Element privilegeElm = (Element)privilegeIt.next();
actionUri = createActionUri(privilegeElm);
if (actionUri == null) {
throw new PreconditionViolationException(
new ViolatedPrecondition("not-supported-privilege",
WebdavStatus.SC_BAD_REQUEST), resourcePath
);
}
else {
//begin add ecademicus
boolean inherit=true;
if (actionUri.endsWith("-noninherited")) {
inherit=false;
actionUri=actionUri.replaceAll("-noninherited","");
}
//end add ecademicus
//NodePermission np = new NodePermission(objectUri,
subjectUri, actionUri, true, negative);
// mod ecademicus
NodePermission np = new NodePermission(objectUri,
subjectUri, actionUri, inherit, negative);
np.setInvert(invert);
result.add(np);
}
}
return result;
}
