RE: User Authorization based on permissions set to role in Slide2 .1
Hi, Krishna!

You are welcome. Actually the org.apache.slide.util.XMLValue class helps me to handle properties whose values are XML element lists. You might try to use it as well.

Yours sincerely,
Andrey.

> -----Original Message-----
> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 05, 2004 2:00 PM
> To: [EMAIL PROTECTED]
> Subject: RE: User Authorization based on permissions set to role in Slide2 .1
> Importance: Low
>
> Andrey,
> I ran a few tests using DAVExplorer0.9 to assign users to role and check if the permissions are propagated, and looks like it works if I use the syntax for the group-member-set property value as you mentioned. Using CDATA section for the property value is highly misleading, since it seems like it works but does not let the permissions propagate (although the property is set right and you can also view the property right). So, using CDATA section for any XML property value in Slide is dangerous. Better use the XML escape tags like '<'
>
> Now I will try to update my java code to use the xml escape tags instead of CDATA, I think it will work OK.
>
> Thanks for all the help, you really saved my day, you are my hero
>
> regards,
> Krishna
>
> -----Original Message-----
> From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 6:13 PM
> To: 'Slide Users Mailing List'
> Subject: RE: User Authorization based on permissions set to role in Slide2 .1
>
> Krishna, try to remove /Slide
> Here's how this property should look like in the xml descriptor (approximately):
>
> value="<D:href xmlns:D="DAV:">/users/user1</D:href>" type="" protected="false">
>
> ' symbol might not be replaced by " but the user's uri should start from /users.
>
> Yours sincerely,
> Andrey Shulinskiy.
>
> > -----Original Message-----
> > From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 04, 2004 7:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: User Authorization based on permissions set to role in Slide2 .1
> > Importance: Low
> >
> > James,
> > Here is the output of the group-member-set property of the role "user". Note the value has lot of empty and tab spaces
> >
> > /Slide/users/user1
> >
> > Java code used to get this property value
> > =======
> > String sPropertyName = "group-member-set";
> > Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
> > =========
> >
> > Krishna
> >
> > -----Original Message-----
> > From: James Mason [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 04, 2004 4:57 PM
> > To: Slide Users Mailing List
> > Subject: Re: User Authorization based on permissions set to role in Slide2 .1
> >
> > Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.
> >
> > -James
> >
> > Krishna Kankipati wrote:
> >
> > > Jason,
> > > I checked the acl for this folder, it looks like this:
> > >
> > > ACL for /Slide/files/folder1:
> > >
> > > granted to /Slide/roles/user(not protected) (not inherited)
> > >    DAV:all
> > >    DAV:write
> > > granted to property(not protected) (inherited from '/Slide/files')
> > >    DAV:read-acl
> > > granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
> > >    DAV:all
> > > granted to all(not protected) (inherited from '/Slide/')
> > >    DAV:read
> > >
> > > I added my user 'user1' to role called 'user&
RE: User Authorization based on permissions set to role in Slide2 .1
Andrey,
I ran a few tests using DAVExplorer0.9 to assign users to role and check if the permissions are propagated, and looks like it works if I use the syntax for the group-member-set property value as you mentioned. Using CDATA section for the property value is highly misleading, since it seems like it works but does not let the permissions propagate (although the property is set right and you can also view the property right). So, using CDATA section for any XML property value in Slide is dangerous. Better use the XML escape tags like '<'

Now I will try to update my java code to use the xml escape tags instead of CDATA, I think it will work OK.

Thanks for all the help, you really saved my day, you are my hero

regards,
Krishna

-----Original Message-----
From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 6:13 PM
To: 'Slide Users Mailing List'
Subject: RE: User Authorization based on permissions set to role in Slide2 .1

Krishna, try to remove /Slide
Here's how this property should look like in the xml descriptor (approximately):

' symbol might not be replaced by " but the user's uri should start from /users.

Yours sincerely,
Andrey Shulinskiy.

> -----Original Message-----
> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: User Authorization based on permissions set to role in Slide2 .1
> Importance: Low
>
> James,
> Here is the output of the group-member-set property of the role "user". Note the value has lot of empty and tab spaces
>
> /Slide/users/user1
>
> Java code used to get this property value
> =======
> String sPropertyName = "group-member-set";
> Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
> =====
>
> Krishna
>
> -----Original Message-----
> From: James Mason [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 4:57 PM
> To: Slide Users Mailing List
> Subject: Re: User Authorization based on permissions set to role in Slide2 .1
>
> Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.
>
> -James
>
> Krishna Kankipati wrote:
>
> > Jason,
> > I checked the acl for this folder, it looks like this:
> >
> > ACL for /Slide/files/folder1:
> >
> > granted to /Slide/roles/user(not protected) (not inherited)
> >    DAV:all
> >    DAV:write
> > granted to property(not protected) (inherited from '/Slide/files')
> >    DAV:read-acl
> > granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
> >    DAV:all
> > granted to all(not protected) (inherited from '/Slide/')
> >    DAV:read
> >
> > I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?
> >
> > thanks,
> >
> > regards,
> > Krishna
> >
> > -----Original Message-----
> > From: James Mason [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 04, 2004 2:34 PM
> > To: Slide Users Mailing List
> > Subject: Re
RE: User Authorization based on permissions set to role in Slide2 .1
Andrey,
I will try that and see if it helps

thanks,
Krishna

-----Original Message-----
From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 6:13 PM
To: 'Slide Users Mailing List'
Subject: RE: User Authorization based on permissions set to role in Slide2 .1

Krishna, try to remove /Slide
Here's how this property should look like in the xml descriptor (approximately):

' symbol might not be replaced by " but the user's uri should start from /users.

Yours sincerely,
Andrey Shulinskiy.

> -----Original Message-----
> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: User Authorization based on permissions set to role in Slide2 .1
> Importance: Low
>
> James,
> Here is the output of the group-member-set property of the role "user". Note the value has lot of empty and tab spaces
>
> /Slide/users/user1
>
> Java code used to get this property value
> =======
> String sPropertyName = "group-member-set";
> Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
> =====
>
> Krishna
>
> -----Original Message-----
> From: James Mason [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 4:57 PM
> To: Slide Users Mailing List
> Subject: Re: User Authorization based on permissions set to role in Slide2 .1
>
> Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.
>
> -James
>
> Krishna Kankipati wrote:
>
> > Jason,
> > I checked the acl for this folder, it looks like this:
> >
> > ACL for /Slide/files/folder1:
> >
> > granted to /Slide/roles/user(not protected) (not inherited)
> >    DAV:all
> >    DAV:write
> > granted to property(not protected) (inherited from '/Slide/files')
> >    DAV:read-acl
> > granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
> >    DAV:all
> > granted to all(not protected) (inherited from '/Slide/')
> >    DAV:read
> >
> > I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?
> >
> > thanks,
> >
> > regards,
> > Krishna
> >
> > -----Original Message-----
> > From: James Mason [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 04, 2004 2:34 PM
> > To: Slide Users Mailing List
> > Subject: Re: User Authorization based on permissions set to role in Slide2.1
> >
> > Krishna,
> > Permissions on a role are inherited by the members of that role, yes. One thing to check is that your user isn't being denied write access by another ACL that's higher in the list. ACLs are checked in order and the first one that applies takes precedence. If user1 is in a role that has been denied the ability to write, and that ACE appears in the ACL before the permission that grants write access, user1 will not have write access.
> >
RE: User Authorization based on permissions set to role in Slide2 .1
Krishna, try to remove /Slide
Here's how this property should look like in the xml descriptor (approximately):

' symbol might not be replaced by " but the user's uri should start from /users.

Yours sincerely,
Andrey Shulinskiy.

> -----Original Message-----
> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: User Authorization based on permissions set to role in Slide2 .1
> Importance: Low
>
> James,
> Here is the output of the group-member-set property of the role "user". Note the value has lot of empty and tab spaces
>
> /Slide/users/user1
>
> Java code used to get this property value
> =======
> String sPropertyName = "group-member-set";
> Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
> =====
>
> Krishna
>
> -----Original Message-----
> From: James Mason [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 4:57 PM
> To: Slide Users Mailing List
> Subject: Re: User Authorization based on permissions set to role in Slide2 .1
>
> Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.
>
> -James
>
> Krishna Kankipati wrote:
>
> > Jason,
> > I checked the acl for this folder, it looks like this:
> >
> > ACL for /Slide/files/folder1:
> >
> > granted to /Slide/roles/user(not protected) (not inherited)
> >    DAV:all
> >    DAV:write
> > granted to property(not protected) (inherited from '/Slide/files')
> >    DAV:read-acl
> > granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
> >    DAV:all
> > granted to all(not protected) (inherited from '/Slide/')
> >    DAV:read
> >
> > I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?
> >
> > thanks,
> >
> > regards,
> > Krishna
> >
> > -----Original Message-----
> > From: James Mason [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 04, 2004 2:34 PM
> > To: Slide Users Mailing List
> > Subject: Re: User Authorization based on permissions set to role in Slide2.1
> >
> > Krishna,
> > Permissions on a role are inherited by the members of that role, yes. One thing to check is that your user isn't being denied write access by another ACL that's higher in the list. ACLs are checked in order and the first one that applies takes precedence. If user1 is in a role that has been denied the ability to write, and that ACE appears in the ACL before the permission that grants write access, user1 will not have write access.
> >
> > -James
> >
> > Krishna Kankipati wrote:
> >
> >>Hi Folks,
> >>I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in S
Re: User Authorization based on permissions set to role in Slide2 .1
I don't think you need the /Slide part on there. It should just be /users/user1.

The empty and tab spaces are a bug that is fixed in the next release. XML data isn't converted to strings properly.

-James

Krishna Kankipati wrote:

James,
Here is the output of the group-member-set property of the role "user". Note the value has lot of empty and tab spaces

/Slide/users/user1

Java code used to get this property value
===
String sPropertyName = "group-member-set";
Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
=

Krishna

-----Original Message-----
From: James Mason [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 4:57 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in Slide2 .1

Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.

-James

Krishna Kankipati wrote:

Jason,
I checked the acl for this folder, it looks like this:

ACL for /Slide/files/folder1:

granted to /Slide/roles/user(not protected) (not inherited)
   DAV:all
   DAV:write
granted to property(not protected) (inherited from '/Slide/files')
   DAV:read-acl
granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
   DAV:all
granted to all(not protected) (inherited from '/Slide/')
   DAV:read

I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?

thanks,

regards,
Krishna

-----Original Message-----
From: James Mason [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 2:34 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in Slide2.1

Krishna,
Permissions on a role are inherited by the members of that role, yes. One thing to check is that your user isn't being denied write access by another ACL that's higher in the list. ACLs are checked in order and the first one that applies takes precedence. If user1 is in a role that has been denied the ability to write, and that ACE appears in the ACL before the permission that grants write access, user1 will not have write access.

-James

Krishna Kankipati wrote:

Hi Folks,
I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in Slide2.1M1. My problem is that when I assign some permissions to a role, those permissions are not propagated to the users in that role. If not for permissions what else is the purpose of having roles at all? I am sure it is not just for logical grouping of users. Any help is appreciated ..

thanks in advance

regards,

Krishna

-----Original Message-----
From: Krishna Kankipati
Sent: Tuesday, August 03, 2004 5:47 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: User Authorization based on permissions set to role in Slide2.1

Michael,
I was searching the mail archive for some help on permissions and came upon this discussion you were having with some developer which seemed relevant to my question:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html

Does slide permissions propagate based on role memberships. I mean, if I create a role called "role1", and add a user called "user1" to it, will user1 get all the permissions that are assigned to role1. I've seen in my tests that although I gave enough "write" permissions to "role1", Slide does not allow "user1" to write unless I add the "write" permission to "user1" itself. Am I missing something or is it a bug. What is your opinion on this? I am
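
Added example, not part of the thread and not Slide's own code: a simplified Java model of the two points James makes in the message above, that ACEs are checked in order with the first applicable one deciding, and that a role ACE only reaches a user whose URI is in the role's group-member-set. It assumes principal URIs are compared as plain strings without the /Slide prefix; the /roles/guest role and its deny ACE are hypothetical.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Simplified model for illustration only; this is not Slide's security implementation.
public class AclOrderDemo {

    // One access control entry: who it names, grant or deny, and which privileges.
    static final class Ace {
        final String principal;
        final boolean grant;
        final Set<String> privileges;

        Ace(String principal, boolean grant, String... privileges) {
            this.principal = principal;
            this.grant = grant;
            this.privileges = new HashSet<>(Arrays.asList(privileges));
        }

        // DAV:all is treated as containing every other privilege.
        boolean covers(String privilege) {
            return privileges.contains("DAV:all") || privileges.contains(privilege);
        }
    }

    // An ACE applies to a user if it names "all", the user itself, or a role whose
    // group-member-set contains exactly the user's URI (plain string comparison).
    static boolean applies(Ace ace, String userUri, Map<String, Set<String>> groupMemberSets) {
        if (ace.principal.equals("all") || ace.principal.equals(userUri)) {
            return true;
        }
        Set<String> members = groupMemberSets.get(ace.principal);
        return members != null && members.contains(userUri);
    }

    // Walk the ACL top to bottom; the first ACE that applies and covers the privilege decides.
    static String decide(List<Ace> acl, String userUri, String privilege,
                         Map<String, Set<String>> groupMemberSets) {
        for (Ace ace : acl) {
            if (applies(ace, userUri, groupMemberSets) && ace.covers(privilege)) {
                return (ace.grant ? "granted" : "denied") + " by ACE for " + ace.principal;
            }
        }
        return "denied: no applicable ACE (the client sees 403 Forbidden)";
    }

    // Build a role -> members map holding a single role.
    static Map<String, Set<String>> roles(String role, String... members) {
        Map<String, Set<String>> m = new HashMap<>();
        m.put(role, new HashSet<>(Arrays.asList(members)));
        return m;
    }

    public static void main(String[] args) {
        String user = "/users/user1";

        // The folder1 ACL from the thread, with the /Slide prefix dropped (assumption).
        List<Ace> acl = Arrays.asList(
            new Ace("/roles/user", true, "DAV:all", "DAV:write"),
            new Ace("property", true, "DAV:read-acl"),
            new Ace("/roles/root", true, "DAV:all"),
            new Ace("all", true, "DAV:read"));

        // Case 1: member stored with the /Slide prefix, as in Krishna's PROPFIND output.
        // The role ACE never matches, so only the DAV:read grant to "all" is left.
        Map<String, Set<String>> wrong = roles("/roles/user", "/Slide/users/user1");
        System.out.println("write, prefixed member : " + decide(acl, user, "DAV:write", wrong));
        System.out.println("read,  prefixed member : " + decide(acl, user, "DAV:read", wrong));

        // Case 2: member stored as /users/user1, as James and Andrey suggest.
        Map<String, Set<String>> fixed = roles("/roles/user", "/users/user1");
        System.out.println("write, corrected member: " + decide(acl, user, "DAV:write", fixed));

        // Case 3: a deny ACE for a hypothetical role listed above the grant wins.
        Map<String, Set<String>> both = roles("/roles/user", "/users/user1");
        both.put("/roles/guest", new HashSet<>(Arrays.asList("/users/user1")));
        List<Ace> denyFirst = Arrays.asList(
            new Ace("/roles/guest", false, "DAV:write"),
            new Ace("/roles/user", true, "DAV:all", "DAV:write"));
        System.out.println("write, deny listed first: " + decide(denyFirst, user, "DAV:write", both));
    }
}
```

In case 1 the model leaves the user with read access only, which is the symptom reported in the thread: the ACL and the property both look right, yet the role grant never applies.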
RE: User Authorization based on permissions set to role in Slide2 .1
Andrey,
No, I haven't tried that, but I've tried giving "all" permission to the role, didn't work. If I give the write permission to the particular user it works.

Krishna

-----Original Message-----
From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 4:52 PM
To: 'Slide Users Mailing List'
Subject: RE: User Authorization based on permissions set to role in Slide2.1

One more thing - try to give your user "read" permission to the folder along with the "write" permission. Does it help?

Yours sincerely,
Andrey.

> -----Original Message-----
> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 11:50 AM
> To: '[EMAIL PROTECTED]'
> Subject: User Authorization based on permissions set to role in Slide2.1
> Importance: Low
>
> Hi Folks,
> I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in Slide2.1M1. My problem is that when I assign some permissions to a role, those permissions are not propagated to the users in that role. If not for permissions what else is the purpose of having roles at all? I am sure it is not just for logical grouping of users. Any help is appreciated ..
>
> thanks in advance
>
> regards,
>
> Krishna
>
> > -----Original Message-----
> > From: Krishna Kankipati
> > Sent: Tuesday, August 03, 2004 5:47 PM
> > To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> > Subject: User Authorization based on permissions set to role in Slide2.1
> >
> > Michael,
> > I was searching the mail archive for some help on permissions and came upon this discussion you were having with some developer which seemed relevant to my question:
> > http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html
> >
> > Does slide permissions propagate based on role memberships. I mean, if I create a role called "role1", and add a user called "user1" to it, will user1 get all the permissions that are assigned to role1. I've seen in my tests that although I gave enough "write" permissions to "role1", Slide does not allow "user1" to write unless I add the "write" permission to "user1" itself. Am I missing something or is it a bug. What is your opinion on this? I am using Slide 2.1M1 and command line client to grant permissions to /Slide/files collection.
> >
> > thanks
> >
> > regards,
> > Krishna
> >
> > Krishna Kankipati
> > Software Engineer
> > SSA Global
> > * 1626 Cole Blvd. Golden, CO 80401, USA
> > * 303-274-3027
> > Fax:303-274-3137
> > * [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: User Authorization based on permissions set to role in Slide2 .1
James,
Here is the output of the group-member-set property of the role "user". Note the value has lot of empty and tab spaces

/Slide/users/user1

Java code used to get this property value
===
String sPropertyName = "group-member-set";
Enumeration enumProperties = webDavResource.propfindMethod(sPropertyName);
=

Krishna

-----Original Message-----
From: James Mason [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 4:57 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in Slide2 .1

Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.

-James

Krishna Kankipati wrote:

> Jason,
> I checked the acl for this folder, it looks like this:
>
> ACL for /Slide/files/folder1:
>
> granted to /Slide/roles/user(not protected) (not inherited)
>    DAV:all
>    DAV:write
> granted to property(not protected) (inherited from '/Slide/files')
>    DAV:read-acl
> granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
>    DAV:all
> granted to all(not protected) (inherited from '/Slide/')
>    DAV:read
>
> I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?
>
> thanks,
>
> regards,
> Krishna
>
> -----Original Message-----
> From: James Mason [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 2:34 PM
> To: Slide Users Mailing List
> Subject: Re: User Authorization based on permissions set to role in Slide2.1
>
> Krishna,
> Permissions on a role are inherited by the members of that role, yes. One thing to check is that your user isn't being denied write access by another ACL that's higher in the list. ACLs are checked in order and the first one that applies takes precedence. If user1 is in a role that has been denied the ability to write, and that ACE appears in the ACL before the permission that grants write access, user1 will not have write access.
>
> -James
>
> Krishna Kankipati wrote:
>
>>Hi Folks,
>>I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in Slide2.1M1. My problem is that when I assign some permissions to a role, those permissions are not propagated to the users in that role. If not for permissions what else is the purpose of having roles at all? I am sure it is not just for logical grouping of users. Any help is appreciated ..
>>
>>thanks in advance
>>
>>regards,
>>
>>Krishna
>>
>>>-----Original Message-----
>>>From: Krishna Kankipati
>>>Sent: Tuesday, August 03, 2004 5:47 PM
>>>To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
>>>Subject: User Authorization based on permissions set to role in Slide2.1
>>>
>>>Michael,
>>>I was searching the mail archive for some help on permissions and came upon this discussion you were having with some developer which seemed relevant to my question:
>>>http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html
>>>
>>>Does slide permissions propagate based on role memberships. I mean, if I cre
Re: User Authorization based on permissions set to role in Slide2 .1
Can you paste the contents of the group-member-set property of the user role? If you notice the root user doesn't have any explicit rights to the /files node, everything is inherited through the root role. My guess is your user isn't making it into the role properly.

-James

Krishna Kankipati wrote:

Jason,
I checked the acl for this folder, it looks like this:

ACL for /Slide/files/folder1:

granted to /Slide/roles/user(not protected) (not inherited)
   DAV:all
   DAV:write
granted to property(not protected) (inherited from '/Slide/files')
   DAV:read-acl
granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
   DAV:all
granted to all(not protected) (inherited from '/Slide/')
   DAV:read

I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?

thanks,

regards,
Krishna

-----Original Message-----
From: James Mason [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 2:34 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in Slide2.1

Krishna,
Permissions on a role are inherited by the members of that role, yes. One thing to check is that your user isn't being denied write access by another ACL that's higher in the list. ACLs are checked in order and the first one that applies takes precedence. If user1 is in a role that has been denied the ability to write, and that ACE appears in the ACL before the permission that grants write access, user1 will not have write access.

-James

Krishna Kankipati wrote:

Hi Folks,
I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in Slide2.1M1. My problem is that when I assign some permissions to a role, those permissions are not propagated to the users in that role. If not for permissions what else is the purpose of having roles at all? I am sure it is not just for logical grouping of users. Any help is appreciated ..

thanks in advance

regards,

Krishna

-----Original Message-----
From: Krishna Kankipati
Sent: Tuesday, August 03, 2004 5:47 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: User Authorization based on permissions set to role in Slide2.1

Michael,
I was searching the mail archive for some help on permissions and came upon this discussion you were having with some developer which seemed relevant to my question:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html

Does slide permissions propagate based on role memberships. I mean, if I create a role called "role1", and add a user called "user1" to it, will user1 get all the permissions that are assigned to role1. I've seen in my tests that although I gave enough "write" permissions to "role1", Slide does not allow "user1" to write unless I add the "write" permission to "user1" itself. Am I missing something or is it a bug. What is your opinion on this? I am using Slide 2.1M1 and command line client to grant permissions to /Slide/files collection.

thanks

regards,
Krishna

Krishna Kankipati
Software Engineer
SSA Global
* 1626 Cole Blvd. Golden, CO 80401, USA
* 303-274-3027
Fax:303-274-3137
* [EMAIL PROTECTED]
RE: User Authorization based on permissions set to role in Slide2 .1
Jason,
I checked the acl for this folder, it looks like this:

ACL for /Slide/files/folder1:

granted to /Slide/roles/user(not protected) (not inherited)
   DAV:all
   DAV:write
granted to property(not protected) (inherited from '/Slide/files')
   DAV:read-acl
granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
   DAV:all
granted to all(not protected) (inherited from '/Slide/')
   DAV:read

I added my user 'user1' to role called 'user' using group-member-set property (also checked it). Since the role 'user' has the permissions to write to folder 'folder1', as seen by the ACL output, and there seems to be no contradiction to any other ace's in the acl list, I expected my user 'user1' to have necessary permissions to upload a file to 'folder1'. But I get 403 forbidden error. I can login as root and using the same command can upload a file to 'folder1'. So, I am not sure what's wrong. Initially I thought may be the group-member-set is not set properly, so used DAVExplorer to do the same with no avail. Do you think I am missing something, how do I debug this situation?

thanks,

regards,
Krishna

-----Original Message-----
From: James Mason [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 2:34 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in Slide2.1

Krishna,
Permissions on a role are inherited by the members of that role, yes. One thing to check is that your user isn't being denied write access by another ACL that's higher in the list. ACLs are checked in order and the first one that applies takes precedence. If user1 is in a role that has been denied the ability to write, and that ACE appears in the ACL before the permission that grants write access, user1 will not have write access.

-James

Krishna Kankipati wrote:

> Hi Folks,
> I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in Slide2.1M1. My problem is that when I assign some permissions to a role, those permissions are not propagated to the users in that role. If not for permissions what else is the purpose of having roles at all? I am sure it is not just for logical grouping of users. Any help is appreciated ..
>
> thanks in advance
>
> regards,
>
> Krishna
>
>> -----Original Message-----
>>From: Krishna Kankipati
>>Sent: Tuesday, August 03, 2004 5:47 PM
>>To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
>>Subject: User Authorization based on permissions set to role in Slide2.1
>>
>>Michael,
>>I was searching the mail archive for some help on permissions and came upon this discussion you were having with some developer which seemed relevant to my question:
>>http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html
>>
>>Does slide permissions propagate based on role memberships. I mean, if I create a role called "role1", and add a user called "user1" to it, will user1 get all the permissions that are assigned to role1. I've seen in my tests that although I gave enough "write" permissions to "role1", Slide does not allow "user1" to write unless I add the "write" permission to "user1" itself. Am I missing something or is it a bug. What is your opinion on this? I am using Slide 2.1M1 and command line client to grant permissions to /Slide/files collection.
>>
>>thanks
>>
>>regards,
>>Krishna
>>
>>Krishna Kankipati
>>Software Engineer
>>SSA Global
>>* 1626 Cole Blvd. Golden, CO 80401, USA
>>* 303-274-3027
>>Fax:303-274-3137
>>* [EMAIL PROTECTED]
RE: User Authorization based on permissions set to role in Slide2 .1
Guido,
I did check both that you mentioned. The auto-versioning was set to false in Domain.xml and when I check for property current-user-privilege-set for folder1, it returns 'Read'. Although acl for folder1 looks like this:

Note that my user 'user1' was added to role 'user' by setting the group-member-set property for the role 'user'.

ACL for /Slide/files/folder1:

granted to /Slide/roles/user(not protected) (not inherited)
   DAV:all
   DAV:write
granted to property(not protected) (inherited from '/Slide/files')
   DAV:read-acl
granted to /Slide/roles/root(not protected) (inherited from '/Slide/')
   DAV:all
granted to all(not protected) (inherited from '/Slide/')
   DAV:read

So, looks like assigning the user 'user1' to role 'user' is not propagating the permissions of role 'user' to user 'user1'.

To make sure I also used DAVExplorer to edit the group-member-set property of the role 'user' to include user 'user1' ... didn't help. Any thoughts?

thanks,
regards,
Krishna

-Original Message-
From: Guido Casper [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 2:25 PM
To: Slide Users Mailing List
Subject: Re: User Authorization based on permissions set to role in Slide2 .1

Krishna Kankipati wrote:
> Hi Andrey,
> Thanks for the response. As we speak I am doing some tests
> using the Slide Command Line tool (it uses Webdav Client internally). I
> added a new user (user1) and a new role (role1) using webdav client. I did
> this using mkcol command on users and roles collection. After that I use
> Webdav client (proppatchMethod()) to set the property "group-member-set" of
> role "role1" to include "user1" as member of this role. This seemed to work
> fine. Also, when I use propfindMethod() from webdav client to check the
> property value of group-member-set, it shows user1 as a member of role1.
> After that I use command line tool to login as root and assign "write"
> permission on a new folder I created under /files to /roles/role1.
> The command I use is:
>
> grant write on /Slide/files/folder1 to /Slide/roles/role1
>
> If I check acl property for /Slide/files/folder1, I can see that write
> permission is assigned to role1 for folder1.
>
> Now, when I login back as user1, I cannot upload a file to the above folder,
> I get 403 Forbidden error.

A possible reason for 403s might be that you have auto-versioning set but inadequate permissions on the /history folder.

You may also want to check the "current-user-privilege-set" property of folder1 to see if the write permission gets properly propagated from role to user.

HTH
Guido

>
> Can you validate that this works for you (I'll appreciate if you can grant
> permissions using command line tool and validate that the permission works
> properly). You can use acl command to find the permissions on any
> folder/file.
>
> thanks,
>
> regards,
> Krishna
>
> -Original Message-
> From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 12:56 PM
> To: 'Slide Users Mailing List'
> Subject: RE: User Authorization based on permissions set to role in
> Slide2.1
>
> Hi, Krishna!
>
> Everything should work fine in the case you've described. Actually, I'm
> testing permissions at the moment and it's one of my own test cases. I am
> using the Security helper directly though, not the client.
> Haven't you checked the descriptors of the "role1" and the file you're
> granting access to ensure that "user1" is really in the "group-member-set"
> property of the role and that the permission is set in the file descriptor?
>
> Yours sincerely,
> Andrey.
>
>> -Original Message-
>> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, August 04, 2004 11:50 AM
>> To: '[EMAIL PROTECTED]'
>> Subject: User Authorization based on permissions set to role
>> in Slide2.1
>> Importance: Low
>>
>> Hi Folks,
>> I am re-posting this mail since I haven't got any
>> replies yet. I am hoping there is some developer there who
>> might have tried to play around with permissions in
>> Slide2.1M1. My problem is that when I assign some permissions
>> to a role, those permissions are not propagated to the users
>> in that role. If not for permissions what else is the purpose
>> of having roles at all? I am sure it
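Added example, not part of the thread and not Slide's own code: a simplified Python model of the first-match ACE rule James describes and of the current-user-privilege-set check reported above, run against the folder1 ACL from the messages. The privilege list behind DAV:all, the two role-membership tables and the deny ACE are assumptions constructed for illustration.

```python
# Simplified model of ordered ACE evaluation with role membership (not Slide's code).
# Assumption: DAV:all aggregates exactly the four privileges listed here.
ALL = {"read", "write", "read-acl", "write-acl"}

def expand(priv):
    return ALL if priv == "all" else {priv}

def principals_of(user, roles):
    """Principals an ACE may name and still apply to `user`."""
    matched = {"all", user}
    matched |= {role for role, members in roles.items() if user in members}
    return matched

def decide(user, privilege, acl, roles):
    """The first ACE that names one of the user's principals and covers the privilege wins."""
    who = principals_of(user, roles)
    for principal, action, privs in acl:
        covered = set().union(*(expand(p) for p in privs))
        if principal in who and privilege in covered:
            return action == "grant"
    return False  # no ACE applies: treated as not granted

def current_user_privilege_set(user, acl, roles):
    return {p for p in ALL if decide(user, p, acl, roles)}

# ACL for /Slide/files/folder1 as listed in the thread. The 'property' principal
# is kept for fidelity but never matches, because this model does not resolve it.
FOLDER1_ACL = [
    ("/Slide/roles/user", "grant", ["all", "write"]),
    ("property", "grant", ["read-acl"]),
    ("/Slide/roles/root", "grant", ["all"]),
    ("all", "grant", ["read"]),
]
USER1 = "/Slide/users/user1"
# Constructed membership tables: one where user1 resolves into role 'user',
# one where the stored group-member-set does not resolve to user1.
ROLES_RESOLVED = {"/Slide/roles/user": {USER1}, "/Slide/roles/root": {"/Slide/users/root"}}
ROLES_UNRESOLVED = {"/Slide/roles/user": set(), "/Slide/roles/root": {"/Slide/users/root"}}
# Constructed ordering case: a deny ACE placed ahead of the role grant.
DENY_FIRST_ACL = [("/Slide/roles/user", "deny", ["write"])] + FOLDER1_ACL

if __name__ == "__main__":
    print(sorted(current_user_privilege_set(USER1, FOLDER1_ACL, ROLES_RESOLVED)))
    print(sorted(current_user_privilege_set(USER1, FOLDER1_ACL, ROLES_UNRESOLVED)))
    print(decide(USER1, "write", DENY_FIRST_ACL, ROLES_RESOLVED))
```

In this model an unresolved membership leaves only the grant to `all`, so the privilege set collapses to read, which is the same symptom as the 'Read' value reported for folder1; a deny ACE listed before the grant blocks write even when membership resolves.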
Re: User Authorization based on permissions set to role in Slide2 .1
Krishna Kankipati wrote:
> Hi Andrey,
> Thanks for the response. As we speak I am doing some tests
> using the Slide Command Line tool (it uses Webdav Client internally). I
> added a new user (user1) and a new role (role1) using webdav client. I did
> this using mkcol command on users and roles collection. After that I use
> Webdav client (proppatchMethod()) to set the property "group-member-set" of
> role "role1" to include "user1" as member of this role. This seemed to work
> fine. Also, when I use propfindMethod() from webdav client to check the
> property value of group-member-set, it shows user1 as a member of role1.
> After that I use command line tool to login as root and assign "write"
> permission on a new folder I created under /files to /roles/role1.
> The command I use is:
>
> grant write on /Slide/files/folder1 to /Slide/roles/role1
>
> If I check acl property for /Slide/files/folder1, I can see that write
> permission is assigned to role1 for folder1.
>
> Now, when I login back as user1, I cannot upload a file to the above folder,
> I get 403 Forbidden error.

A possible reason for 403s might be that you have auto-versioning set but inadequate permissions on the /history folder.

You may also want to check the "current-user-privilege-set" property of folder1 to see if the write permission gets properly propagated from role to user.

HTH
Guido

> Can you validate that this works for you (I'll appreciate if you can grant
> permissions using command line tool and validate that the permission works
> properly). You can use acl command to find the permissions on any
> folder/file.
>
> thanks,
>
> regards,
> Krishna
>
> -Original Message-
> From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 12:56 PM
> To: 'Slide Users Mailing List'
> Subject: RE: User Authorization based on permissions set to role in
> Slide2.1
>
> Hi, Krishna!
>
> Everything should work fine in the case you've described. Actually, I'm
> testing permissions at the moment and it's one of my own test cases. I am
> using the Security helper directly though, not the client.
> Haven't you checked the descriptors of the "role1" and the file you're
> granting access to ensure that "user1" is really in the "group-member-set"
> property of the role and that the permission is set in the file descriptor?
>
> Yours sincerely,
> Andrey.
>
>> -Original Message-
>> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, August 04, 2004 11:50 AM
>> To: '[EMAIL PROTECTED]'
>> Subject: User Authorization based on permissions set to role in Slide2.1
>> Importance: Low
>>
>> Hi Folks,
>> I am re-posting this mail since I haven't got any replies yet. I am
>> hoping there is some developer there who might have tried to play around
>> with permissions in Slide2.1M1. My problem is that when I assign some
>> permissions to a role, those permissions are not propagated to the users
>> in that role. If not for permissions what else is the purpose of having
>> roles at all? I am sure it is not just for logical grouping of users.
>> Any help is appreciated ..
>>
>> thanks in advance
>>
>> regards,
>>
>> Krishna
>>
>>> -Original Message-
>>> From: Krishna Kankipati
>>> Sent: Tuesday, August 03, 2004 5:47 PM
>>> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
>>> Subject: User Authorization based on permissions set to role in
>>> Slide2.1
>>>
>>> Michael,
>>> I was searching the mail archive for some help on permissions and
>>> came upon this discussion you were having with some developer which
>>> seemed relevant to my question:
>>> http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html
>>>
>>> Does slide permissions propagate based on role memberships. I mean, if I
>>> create a role called "role1", and add a user called "user1" to it, will
>>> user1 get all the permissions that are assigned to role1. I've seen in my
>>> tests that although I gave enough "write" permissions to "role1", Slide
>>> does not allow "user1" to write unless I add the "write" permission to
>>> "user1" itself. Am I missing something or is it a bug. What is your
>>> opinion on this? I am using Slide 2.1M1 and command line client to grant
>>> permissions to /Slide/files collection.
>>>
>>> thanks
>>>
>>> regards,
>>> Krishna
>>>
>>> Krishna Kankipati
>>> Software Engineer
>>> SSA Global
>>> * 1626 Cole Blvd. Golden, CO 80401, USA
>>> * 303-274-3027
>>> Fax:303-274-3137
>>> * [EMAIL PROTECTED]
RE: User Authorization based on permissions set to role in Slide2 .1
Hi Andrey,
Thanks for the response. As we speak I am doing some tests using the Slide Command Line tool (it uses Webdav Client internally). I added a new user (user1) and a new role (role1) using webdav client. I did this using mkcol command on users and roles collection. After that I use Webdav client (proppatchMethod()) to set the property "group-member-set" of role "role1" to include "user1" as member of this role. This seemed to work fine. Also, when I use propfindMethod() from webdav client to check the property value of group-member-set, it shows user1 as a member of role1. After that I use command line tool to login as root and assign "write" permission on a new folder I created under /files to /roles/role1. The command I use is:

grant write on /Slide/files/folder1 to /Slide/roles/role1

If I check acl property for /Slide/files/folder1, I can see that write permission is assigned to role1 for folder1.

Now, when I login back as user1, I cannot upload a file to the above folder, I get 403 Forbidden error.

Can you validate that this works for you (I'll appreciate if you can grant permissions using command line tool and validate that the permission works properly). You can use acl command to find the permissions on any folder/file.

thanks,
regards,
Krishna

-Original Message-
From: Andrey Shulinsky [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 12:56 PM
To: 'Slide Users Mailing List'
Subject: RE: User Authorization based on permissions set to role in Slide2.1

Hi, Krishna!

Everything should work fine in the case you've described. Actually, I'm testing permissions at the moment and it's one of my own test cases. I am using the Security helper directly though, not the client.
Haven't you checked the descriptors of the "role1" and the file you're granting access to ensure that "user1" is really in the "group-member-set" property of the role and that the permission is set in the file descriptor?

Yours sincerely,
Andrey.

> -Original Message-
> From: Slide Users Mailing List [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 04, 2004 11:50 AM
> To: '[EMAIL PROTECTED]'
> Subject: User Authorization based on permissions set to role
> in Slide2.1
> Importance: Low
>
> Hi Folks,
> I am re-posting this mail since I haven't got any
> replies yet. I am hoping there is some developer there who
> might have tried to play around with permissions in
> Slide2.1M1. My problem is that when I assign some permissions
> to a role, those permissions are not propagated to the users
> in that role. If not for permissions what else is the purpose
> of having roles at all? I am sure it is not just for logical
> grouping of users. Any help is appreciated ..
>
> thanks in advance
>
> regards,
>
> Krishna
>
> > -Original Message-
> > From: Krishna Kankipati
> > Sent: Tuesday, August 03, 2004 5:47 PM
> > To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> > Subject: User Authorization based on permissions set to role in
> > Slide2.1
> >
> > Michael,
> > I was searching the mail archive for some help on permissions and
> > came upon this discussion you were having with some developer which
> > seemed relevant to my question:
> > http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.html
> >
> > Does slide permissions propagate based on role memberships. I mean, if
> > I create a role called "role1", and add a user called "user1" to it,
> > will user1 get all the permissions that are assigned to role1. I've
> > seen in my tests that although I gave enough "write" permissions to
> > "role1", Slide does not allow "user1" to write unless I add the "write"
> > permission to "user1" itself. Am I missing something or is it a bug.
> > What is your opinion on this? I am using Slide 2.1M1 and command line
> > client to grant permissions to /Slide/files collection.
> >
> > thanks
> >
> > regards,
> > Krishna
> >
> > Krishna Kankipati
> > Software Engineer
> > SSA Global
> > * 1626 Cole Blvd. Golden, CO 80401, USA
> > * 303-274-3027
> > Fax:303-274-3137
> > * [EMAIL PROTECTED]