[Ecm] Re: Re: groups from LDAP server

Thu, 19 Apr 2007 07:27:52 -0700 

Besides, you can't be certain that for example the "administrators" group will 
always be present in the system as it is possible to delete it...
  "Frédéric Thise" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
  Also present in UserManagerActionsBean:
  public void initialize() {
  log.info("Initializing...");
  principal = (NuxeoPrincipal) FacesContext.getCurrentInstance()
  .getExternalContext().getUserPrincipal();
  principalIsAdmin = principal.getGroups().contains("administrators");
  }

  wouldn't it be simpler to allow the user through a configuration file to set 
the name of the "administrators" and "members" groups?
  eg: principalIsAdmin = 
principal.getGroups().contains(Config.getAdministratorsGroupName());
      and Config is built from an XML file...



  "Tiry" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
  Le jeudi 19 avril 2007 à 14:46 +0200, Frédéric Thise a écrit :
  >  
  > Unfortunately yes,
  > for example in NuxeoPrincipalImpl, "administrators" is hardcoded:
  > public boolean isAdministrator()
  > {
  > try {
  > return isMemberOf("administrators");
  > } catch (ClientException e) {
  > // TODO Auto-generated catch block
  > e.printStackTrace();
  > return false;
  > }
  > }
  >  
  This was added a few days ago in order to guard some administration
  actions.
  If needed, this method could be pluggable.

  > ...
  >  
  >  
  > "Olivier Grisel" <[EMAIL PROTECTED]> wrote in message
  > news:[EMAIL PROTECTED]
  > Frédéric Thise a écrit :
  > > Hello,
  > > 
  > > i would like to map the groups from my LDAP server to the Nuxeo
  > groups 
  > > (administrators, members) but i don't want to use these names in my
  > LDAP 
  > > server (besides administrators is reserved in my Active directory
  > server)..
  > > Is there a way to map group names? eg: in LDAP:
  > 'nuxeo_administrators' 
  > > mapped to 'administrators'.
  > 
  > You are free to use other group names and give them the needed rights
  > at the
  > root of your domains using the rights management tab. You can use the
  > the
  > defaultAdministratorId tag to setup a virtual administrator.
  > 
  > Hopefully security checks are done on permissions and not group names
  > but their
  > might be a few places in the code where groupnames are hardcoded.
  > 
  > -- 
  > Olivier 
  > _______________________________________________
  > ECM mailing list
  > [email protected]
  > http://lists.nuxeo.com/mailman/listinfo/ecm 


------------------------------------------------------------------------------


  _______________________________________________
  ECM mailing list
  [email protected]
  http://lists.nuxeo.com/mailman/listinfo/ecm

_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm

Reply via email to