Hi Kevin!
Maybe I missed something. But if you have allow all to authenticated users -
then why should your case with user A and B not be allowed?
/jacob
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Slide Users Mailing List" <slide-user@jakarta.apache.org>
Sent: Thursday, July 21, 2005 1:19 AM
Subject: acl question
In my domain.xml I have setup permission such that under "/" all can
read-acl, write-acl, unlock and read (the default)
<permission action="/actions/read-acl" subject="all" inheritable="true"
negative="true"/>
<permission action="/actions/write-acl" subject="all" inheritable="true"
negative="true"/>
<permission action="/actions/unlock" subject="all" inheritable="true"
negative="true"/>
<permission action="/actions/read" subject="all" inheritable="true"/>
Under "/files" I have setup permission such that anyone authenticated can
do anything, write if authenticated (although redundant I think),
and the owner can read-acl (also redundant?)
<permission action="all" subject="authenticated" inheritable="true"/>
<permission action="/actions/write" subject="authenticated" inheritable=
"true"/>
<permission action="/actions/read-acl" subject="owner" inheritable="true"
/>
I am using the JNDIPrincipalStore for user and roles so this is all I have
in the domain.xml (default from the JNDI example):
<objectnode classname=
"org.apache.slide.structure.SubjectNode" uri="/users">
<permission action="all" subject="self"
inheritable="true"/>
<permission action="all" subject=
"authenticated" inheritable="true" negative="true"/>
</objectnode>
<objectnode classname=
"org.apache.slide.structure.SubjectNode" uri="/roles">
<permission action="all" subject="self"
inheritable="true"/>
<permission action="all" subject=
"authenticated" inheritable="true" negative="true"/>
</objectnode>
User A authenticates and writes file X to the WebDAV server.
User B authenticates and changes the contents of file X on the server.
The problem is that user A and user B belong different roles and should
not
be able to do this.
How or where do I define this restriction?
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]