Hello Jan Thanks for the reply. I will try to test your suggestion as soon as I can. This will perhaps be tomorrow. I'll let you know.
regards, Ernst 2010/11/7 Jan Haderka <[email protected]> > The caching is done per user only in the access manager instance that is > created for each user with his/her own permission list ( which is why you > need to relogin after changing). > > The only reason I could think for the strange behavior you observe is that > you are not saving something somewhere ... double checking your code ... > hmm, I think I got it now. There seem to be a bug. > The RoleEditDialog is a nasty beast that wipes out all permissions and > re-creates them from scratch (there are some historical reasons for that > which I'm not going to explain now). > Now, to the (possible) bug: addPermission() method saves permission (which > is a number) as a String. The RoleEditDialog saveACLs() otoh saves > permissions as numbers. Because of it's nasty way of treating the > permissions and because of the roundtrip via form where everything is anyway > converted to strings, it might be just correcting the erroneous values from > MgnlRole.addPermission() call. > > Attached is the MgnlRole that saves permissions as number instead. Could > you confirm that replacing this class in /info/magnolia/cms/security fixes > your issue? If so, please just create an issue and I'll commit the fix once > I get around to also write a test for it (which I'm not going to on Sunday > night). > > Thanks, > Jan > > > > ------------------------------ > ---------------------------------------------------------------- > For list details see > http://www.magnolia-cms.com/home/community/mailing-lists.html > To unsubscribe, E-mail to: <[email protected]> > ---------------------------------------------------------------- > > > On Nov 5, 2010, at 3:48 PM, Ernst Bunders wrote: > > > > 2010/11/5 Jan Haderka <[email protected]> > >> >> >> > Seems pretty straight forward. But the new permissions are not active >> yet. Now i have to open the role editor in the admin central, and save it. >> Then the new rules are active. So I suppose It is necessary to flush the >> rule system, but I don't know how. >> >> Really? The RoleEditDialog doesn't do anything special in it's post save >> method ... or rather it does the exactly same thing as >> MgnlRole.addPermission() as far as I can tell. >> Normally to apply new permissions for currently logged in user you need to >> re-login. I fail to see how reopening the dialog and saving it would make a >> difference. >> > > To be sure, i was equally stumped. I knew about the fact you have to login > again, but that's not the issue.... > But there probably is a cache of acl's? I can't imagine for each access > priv. check a jcr query is executed. > > OH well, back to the trenches... > > regards, > > Ernst > > > - > Best regards, > > Jan Haderka, PhD. > Magnolia International Ltd. > http://www.magnolia-cms.com > > http://twitter.com/magnolia_cms > http://facebook.com/Magnolia > -------------------------------------- > Magnolia® - Simple Open-Source Content Management > > > -- Ernst Bunders Ontwikkelaar VPRO ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
