> -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Namens Ronald Wildenberg > Verzonden: woensdag 2 maart 2005 10:09 > Aan: [email protected] > Onderwerp: RE: [Developers] cloud context security and wizards > > > Hi, > > This is not a bug in the wizards but rather in the jsp > editors (and it will not be fixed by applying my patch I think). > > Permission to create a relation between 2 nodes has nothing > to do with write permission on the node to link to. It is > determined by having 'change relation' permissions on both > nodes that are linked and 'create' permission on the relation > builder. Permission to change a relation between two nodes is > determined by the same 'change relation' permissions and > 'write' permission on the relation node. See > ContextAuthorization.check(UserContext, int, int, int, > Operation) for this. > > Of course I assume that from the edit wizards the correct > methods in the authorization implementation are called. I > have quickly scanned the source code to see if this happens > anywhere, but could not find it. And I just did a quick test > to see whether denying a particular user group 'change > relation' permission makes any difference, and it doesn't. > > So this seems to be a bug after all, just a different bug.
I think i must agree with you. My context certainly has no 'change relation' priviliges on programma items belonging to other subsites. hmm. I will make a bug report, and see if i can locate the relevant code. But i don't know the inner mysteries of the wizards very well. Should this a Dove problem? regards, Ernst > > Regards, > Ronald. > > > > -----Oorspronkelijk bericht----- > > Van: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Namens Ernst Bunders > > Verzonden: dinsdag 1 maart 2005 17:31 > > Aan: [email protected] > > Onderwerp: [Developers] cloud context security and wizards > > > > hello developers > > In the site i am presently working on i user cloudcontext > > security, and rely on content authorization. > > there are a couple of subsites that are being maintained by > > different people. > > Now i have programmaitem nodes that belong to one context and > > some programmaitem nodes that belong to another context. > > now if i want to link a new programmaitem node to a certain > > subsite (being logged in as a user who has write permisson > > only to the context for this particular subsite), and i use > > the search popup, I can see and in fact make a relation to > > every programmaitem node in the cloud, regardless of ownership. > > trying the same in the jsp editors i can (as i would expect) > > see all the programmaitemnodes, but can only link to the ones > > i have write permission to. > > so what i would expect in the wizards is a list with only the > > nodes i have write permission for Is this a bug? is it a > > feature? what to do? > > > > thanks, > > > > ernst > > _______________________________________________ > > Developers mailing list > > [email protected] > > http://lists.mmbase.org/mailman/listinfo/developers > > > > > > > -----------------------Disclaimer------------------------- > Dit bericht (met bijlagen) is met grote zorgvuldigheid > samengesteld. Voor mogelijke onjuistheid en/of onvolledigheid > van de hierin verstrekte informatie kan Kennisnet geen > aansprakelijkheid aanvaarden, evenmin kunnen aan de inhoud > van dit bericht (met bijlagen) rechten worden ontleend. De > inhoud van dit bericht (met bijlagen) kan vertrouwelijke > informatie bevatten en is uitsluitend bestemd voor de > geadresseerde van dit bericht. Indien u niet de beoogde > ontvanger van dit bericht bent, verzoekt Kennisnet u dit > bericht te verwijderen, eventuele bijlagen niet te openen en > wijst Kennisnet u op de onrechtmatigheid van het gebruiken, > kopi�ren of verspreiden van de inhoud van dit bericht (met bijlagen). > > This message (with attachments) is given in good faith. > Kennisnet cannot assume any responsibility for the accuracy > or reliability of the information contained in this message > (with attachments), nor shall the information be construed as > constituting any obligation on the part of Kennisnet. The > information contained in this message (with attachments) may > be confidential or privileged and is only intended for the > use of the named addressee. If you are not the intended > recipient, you are requested by Kennisnet to delete this > message (with attachments) without opening it and you are > notified by Kennisnet that any disclosure, copying or > distribution of the information contained in this message > (with attachments) is strictly prohibited and unlawful. > ---------------------------------------------------------- > > _______________________________________________ > Developers mailing list > [email protected] > http://lists.mmbase.org/mailman/listinfo/developers > _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
