RE: Permission... Help me please
Hello Nicolas, Your intent is possible. I can't find anything wrong with your configuration, so I would recommend going to the Slide's web.xml and set the property directory-browsing-hide-acl set to false. That might help you debugging the permissions you are really setting. Hope this helps, Miguel Figueiredo -Original Message- From: Nicolas Duperré [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 25 de Novembro de 2005 20:37 To: slide-user@jakarta.apache.org Subject: Permission... Help me please Let's say user Bob has two roles users and powerUsers. How can Bob be able to read/write /public AND /public/power while Alice with only the role Users be able to read only /public AND NOT /public/power I have tried the following config but Bob cannot read /public/power : objectnode classname=org.apache.slide.structure.SubjectNode uri=/roles/users revision property name=group-member-set![CDATA[ D:href xmlns:D='DAV:'/users/Bob/D:href D:href xmlns:D='DAV:'/users/Alice/D:href /property /revision /objectnode objectnode classname=org.apache.slide.structure.SubjectNode uri=/roles/powerUsers revision property name=group-member-set![CDATA[ D:href xmlns:D='DAV:'/users/Bob/D:href /property /revision /objectnode objectnode classname=org.apache.slide.structure.SubjectNode uri=/public permission action=/actions/read subject=/roles/Users inheritable=false/ permission action=/actions/read subject=/roles/PowerUsers inheritable=true/ permission action=/actions/write subject=/roles/PowerUsers inheritable=true/ objectnode classname=org.apache.slide.structure.SubjectNode uri=/public/power permission action=/actions/read subject=/roles/Users inheritable=true negative=true/ permission action=/actions/read subject=/roles/PowerUsers inheritable=true/ permission action=/actions/write subject=/roles/PowerUsers inheritable=true/ /objectnode /objectnode Can this be done ? Am I missing something ? Thank you very much - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Permission... Help me please
Hello Nicolas, may be it works if you change the order of access rules: especially objectnode classname=org.apache.slide.structure.SubjectNode uri=/public/power permission action=/actions/read subject=/roles/Users inheritable=true negative=true/ permission action=/actions/read subject=/roles/PowerUsers inheritable=true/ permission action=/actions/write subject=/roles/PowerUsers inheritable=true/ /objectnode bob is member of Users and PowerUsers, i guess the first rule match for bob also: He is a member of Users and Users are not permitted to read. Try to put the rules for PowerUsers on top. It is a litle bit like configuring a firewall, I think :) If iot does not help try to switch on debugging in the Domain.xml, the output tells you which rule was applied to bob. regards thomas Nicolas Duperré schrieb: Let's say user Bob has two roles users and powerUsers. How can Bob be able to read/write /public AND /public/power while Alice with only the role Users be able to read only /public AND NOT /public/power I have tried the following config but Bob cannot read /public/power : objectnode classname=org.apache.slide.structure.SubjectNode uri=/roles/users revision property name=group-member-set![CDATA[ D:href xmlns:D='DAV:'/users/Bob/D:href D:href xmlns:D='DAV:'/users/Alice/D:href /property /revision /objectnode objectnode classname=org.apache.slide.structure.SubjectNode uri=/roles/powerUsers revision property name=group-member-set![CDATA[ D:href xmlns:D='DAV:'/users/Bob/D:href /property /revision /objectnode objectnode classname=org.apache.slide.structure.SubjectNode uri=/public permission action=/actions/read subject=/roles/Users inheritable=false/ permission action=/actions/read subject=/roles/PowerUsers inheritable=true/ permission action=/actions/write subject=/roles/PowerUsers inheritable=true/ objectnode classname=org.apache.slide.structure.SubjectNode uri=/public/power permission action=/actions/read subject=/roles/Users inheritable=true negative=true/ permission action=/actions/read subject=/roles/PowerUsers inheritable=true/ permission action=/actions/write subject=/roles/PowerUsers inheritable=true/ /objectnode /objectnode Can this be done ? Am I missing something ? Thank you very much - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]