Hi, This is not a bug in the wizards but rather in the jsp editors (and it will not be fixed by applying my patch I think).
Permission to create a relation between 2 nodes has nothing to do with write permission on the node to link to. It is determined by having 'change relation' permissions on both nodes that are linked and 'create' permission on the relation builder. Permission to change a relation between two nodes is determined by the same 'change relation' permissions and 'write' permission on the relation node. See ContextAuthorization.check(UserContext, int, int, int, Operation) for this. Of course I assume that from the edit wizards the correct methods in the authorization implementation are called. I have quickly scanned the source code to see if this happens anywhere, but could not find it. And I just did a quick test to see whether denying a particular user group 'change relation' permission makes any difference, and it doesn't. So this seems to be a bug after all, just a different bug. Regards, Ronald. > -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Namens Ernst Bunders > Verzonden: dinsdag 1 maart 2005 17:31 > Aan: [email protected] > Onderwerp: [Developers] cloud context security and wizards > > hello developers > In the site i am presently working on i user cloudcontext > security, and rely on content authorization. > there are a couple of subsites that are being maintained by > different people. > Now i have programmaitem nodes that belong to one context and > some programmaitem nodes that belong to another context. > now if i want to link a new programmaitem node to a certain > subsite (being logged in as a user who has write permisson > only to the context for this particular subsite), and i use > the search popup, I can see and in fact make a relation to > every programmaitem node in the cloud, regardless of ownership. > trying the same in the jsp editors i can (as i would expect) > see all the programmaitemnodes, but can only link to the ones > i have write permission to. > so what i would expect in the wizards is a list with only the > nodes i have write permission for Is this a bug? is it a > feature? what to do? > > thanks, > > ernst > _______________________________________________ > Developers mailing list > [email protected] > http://lists.mmbase.org/mailman/listinfo/developers > > -----------------------Disclaimer------------------------- Dit bericht (met bijlagen) is met grote zorgvuldigheid samengesteld. Voor mogelijke onjuistheid en/of onvolledigheid van de hierin verstrekte informatie kan Kennisnet geen aansprakelijkheid aanvaarden, evenmin kunnen aan de inhoud van dit bericht (met bijlagen) rechten worden ontleend. De inhoud van dit bericht (met bijlagen) kan vertrouwelijke informatie bevatten en is uitsluitend bestemd voor de geadresseerde van dit bericht. Indien u niet de beoogde ontvanger van dit bericht bent, verzoekt Kennisnet u dit bericht te verwijderen, eventuele bijlagen niet te openen en wijst Kennisnet u op de onrechtmatigheid van het gebruiken, kopi�ren of verspreiden van de inhoud van dit bericht (met bijlagen). This message (with attachments) is given in good faith. Kennisnet cannot assume any responsibility for the accuracy or reliability of the information contained in this message (with attachments), nor shall the information be construed as constituting any obligation on the part of Kennisnet. The information contained in this message (with attachments) may be confidential or privileged and is only intended for the use of the named addressee. If you are not the intended recipient, you are requested by Kennisnet to delete this message (with attachments) without opening it and you are notified by Kennisnet that any disclosure, copying or distribution of the information contained in this message (with attachments) is strictly prohibited and unlawful. ---------------------------------------------------------- _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
