Hello ,
It is now clear for me. Thank you very much for these explanation.
You helped me very much.
Best Regards,
Thomas
Miguel Figueiredo wrote:
Hello Thomas,
I believe the behaviour u described is correct. The ace entry refers to
write permission on /files/test/acl witch gives permission to update
properties, make locks, etc, on the collection. Since it isn’t inheritable,
that ACE is not checked for permissions on the uri /files/test/acl/toto.
Since there aren’t inheritable permissions about write-content, Slide tests
everything until the / path. Interesting to know, that by default,
permissions are denied unless granted.
Best regards,
Miguel Figueiredo
-----Original Message-----
From: Thomas Bellembois [mailto:[EMAIL PROTECTED]
Sent: terça-feira, 26 de Julho de 2005 15:04
To: Slide Developers Mailing List
Subject: ACL non inheritable
Hi,
I wonder if there is something going wrong this ACL inheritance.
I have the following tree :
/
<permission action="all" subject="/roles/root" inheritable="true"/>
<permission action="/actions/read-acl" subject="all"
inheritable="true" negative="true"/>
<permission action="/actions/write-acl" subject="all" inheritable="true"
negative="true"/>
<permission action="/actions/unlock" subject="all" inheritable="true"
negative="true"/>
<permission action="/actions/read" subject="all" inheritable="true"/>
/files
<permission action="all" subject="/roles/root" inheritable="true"/>
<permission action="/actions/read-acl" subject="owner" inheritable="true"/>
<permission action="/actions/read" subject="all" inheritable="true"/> <!--
not necessary because inherited from / -->
/files/test
/files/test/acl
<permission action="/actions/write" subject="/users/bourges"
inheritable="false"/>
The user "bourges" can NOT write in "/files/test/acl" except if I change
the permission inheritance (of the acl directory) into : inheritable="true".
My acl_inheritance_type is set to "path".
I have tried reinstalling a new clean Slide 2.1 server and also tried
with the last CVS version.
In debug mode I can see the following message :
org.apache.slide.security.AccessDeniedException: Access denied on
/files/test/acl/toto by user /users/bourges for action /actions/write
(toto is the directory to be created)
Does Slide check permissions on the resource to be created ?
I use an LDAP store for users, a custom "web portal" store for roles and
a J2EE authentication layer.
Any idea ?
Excuse me in advance if there is no bug, I am sure that I have missed
something but I can't see what.
Thomas
--
+---=( Thomas Bellembois )=---+
| CRI - University of Rennes 1 - FR |
| [EMAIL PROTECTED] |
| +33 2 23 23 69 60 |
+-----------------------------------+
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
