Hi,

I wonder if there is something going wrong with this ACL inheritance.
I have the following tree:
/
<permission action="all" subject="/roles/root" inheritable="true"/>
<permission action="/actions/read-acl" subject="all" inheritable="true" negative="true"/>
<permission action="/actions/write-acl" subject="all" inheritable="true" negative="true"/>
<permission action="/actions/unlock" subject="all" inheritable="true" negative="true"/>
<permission action="/actions/read" subject="all" inheritable="true"/>
/files
<permission action="all" subject="/roles/root" inheritable="true"/>
<permission action="/actions/read-acl" subject="owner" inheritable="true"/>
<permission action="/actions/read" subject="all" inheritable="true"/> <!-- not necessary because inherited from / -->
/files/test
/files/test/acl
<permission action="/actions/write" subject="/users/bourges" inheritable="false"/>

The user "bourges" can NOT write in "/files/test/acl" unless I change the permission inheritance (of the acl directory) to: inheritable="true".

My acl_inheritance_type is set to "path".
I have tried reinstalling a new clean Slide 2.1 server and also tried with the last CVS version.

In debug mode I can see the following message:
org.apache.slide.security.AccessDeniedException: Access denied on /files/test/acl/toto by user /users/bourges for action /actions/write
(toto is the directory to be created)

Does Slide check permissions on the resource to be created?

I use an LDAP store for users, a custom "web portal" store for roles and a J2EE authentication layer.

Any idea?
Excuse me in advance if there is no bug, I am sure that I have missed something but I can't see what.

Thomas

--
+---=(    Thomas Bellembois    )=---+
| CRI - University of Rennes 1 - FR |
| [EMAIL PROTECTED] |
| +33 2 23 23 69 60                 |
+-----------------------------------+

