Hi Clement, I am currently travelling by plane, so I cannot have a look in details now about this issue, but I surely have an answer later. In the meantime, you may find answers by looking at the most accurate documentation at http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module.
On Mon, May 9, 2016 at 9:22 AM, Clemens Klein-Robbenhaar < [email protected]> wrote: > Hi devs, > > while trying to figure out how to fix > http://jira.xwiki.org/browse/XWIKI-13269 " Multiple values for one > permission pair handled wrong " > I ran into a question about now to resolve conflicting rights/permissions. > I guess that resolving rights conflicts assigned to the same object/level > (i.e. page or wiki) but different principal (i.e. user and a group of that > user) > is not much different than resolving a conflict with rights for the same > principal (as happened in the bug report, getting two rights for the > anonymous user after an upgrade conflict) > > If I understand the documentation here: > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Permission+types/ > > then usually "deny" takes precedence over "allow", except for the "Special > Permissions": "admin", "programming", "register", "crate wiki" and "script". > > However when I look at the implementation in > org.xwiki.security.authorization.Rights > I can see the rights have a "tieResolutionPolicy", which is "ALLOW" for > "register", "admin" and "programing", > but not for "create wiki" and "script". > > Is the "tieResolutionPolicy" something different than the priority order? > If not, who is right, the implementation or the documentation? > > > (However, no matter how the answer is, the UI needs to be updated, as it > always assumes that deny takes precedence, giving the wrong answer at times) > > > Thanks, > Clemens > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Denis Gervalle SOFTEC sa - CEO _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
