Hi Kevin!

Maybe I missed something. But if you have allowed all to authenticated users - then why should your case with user A and B not be allowed?

/jacob

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Slide Users Mailing List" <slide-user@jakarta.apache.org>
Sent: Thursday, July 21, 2005 1:19 AM
Subject: acl question


In my domain.xml I have set up permissions such that under "/" all can
read-acl, write-acl, unlock and read (the default):

 <permission action="/actions/read-acl" subject="all" inheritable="true" negative="true"/>
 <permission action="/actions/write-acl" subject="all" inheritable="true" negative="true"/>
 <permission action="/actions/unlock" subject="all" inheritable="true" negative="true"/>
 <permission action="/actions/read" subject="all" inheritable="true"/>

Under "/files" I have set up permissions such that anyone authenticated can
do anything, write if authenticated (although redundant I think),
and the owner can read-acl (also redundant?):

 <permission action="all" subject="authenticated" inheritable="true"/>
 <permission action="/actions/write" subject="authenticated" inheritable="true"/>
 <permission action="/actions/read-acl" subject="owner" inheritable="true"/>

I am using the JNDIPrincipalStore for user and roles so this is all I have
in the domain.xml (default from the JNDI example):

 <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
     <permission action="all" subject="self" inheritable="true"/>
     <permission action="all" subject="authenticated" inheritable="true" negative="true"/>
 </objectnode>
 <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles">
     <permission action="all" subject="self" inheritable="true"/>
     <permission action="all" subject="authenticated" inheritable="true" negative="true"/>
 </objectnode>

User A authenticates and writes file X to the WebDAV server.

User B authenticates and changes the contents of file X on the server.

The problem is that user A and user B belong to different roles and should not
be able to do this.

How or where do I define this restriction?

Thanks


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
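
An added example, not part of the thread and not Slide's own code: a small check that scans permission entries like the ones quoted above and lists every positive grant that lets a non-specific subject change content. The wrapping element, the `uri` on the "/files" node, and the function name are assumptions; Slide's inheritance and evaluation order are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the permissions quoted in the message. The <root> wrapper
# and the objectnode around the "/files" entries are assumed for this example.
SAMPLE = """
<root>
  <objectnode uri="/files">
    <permission action="all" subject="authenticated" inheritable="true"/>
    <permission action="/actions/write" subject="authenticated" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
  </objectnode>
  <objectnode uri="/users">
    <permission action="all" subject="self" inheritable="true"/>
    <permission action="all" subject="authenticated" inheritable="true" negative="true"/>
  </objectnode>
</root>
"""

BROAD_SUBJECTS = {"all", "authenticated"}   # subjects not tied to a user or role
WRITE_ACTIONS = {"all", "/actions/write"}   # actions that permit content changes


def broad_write_grants(xml_text):
    """Return (uri, action, subject) for each positive grant that lets a
    non-specific subject modify content on that node (hypothetical helper)."""
    findings = []
    for node in ET.fromstring(xml_text).iter("objectnode"):
        for perm in node.findall("permission"):
            if perm.get("negative", "false").lower() == "true":
                continue  # a deny entry does not widen access
            subject, action = perm.get("subject"), perm.get("action")
            if subject in BROAD_SUBJECTS and action in WRITE_ACTIONS:
                findings.append((node.get("uri"), action, subject))
    return findings


if __name__ == "__main__":
    for uri, action, subject in broad_write_grants(SAMPLE):
        print(f"{uri}: '{action}' granted to '{subject}' (no role restriction)")
```

Both findings land on "/files": neither grant names a role, so membership in different roles has no effect on who may write there.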


