I can see the nav as well as the attached dmhtml
when I dump roles for the user i get: SalesA and Anonymous
view permissions:
- ToolKits - = 1 CORRECT (SalesA,B,C roles view is granted)
- SalesA - = 1 CORRECT ( Sales A view granted, B&C - denied)
- SalesB - = 1 INCORRECT (Sales B view granted, A&C - denied)
- SalesC - = 1 INCORRECT (Sales C view granted, B&C - denied)
When my testuser (role = SalesA) hits SalesB from the nav menu I get
the following dump:
application.security.getCurrentRoles() - Anonymous, SalesA (26234160-
FFAE-11DD-ACA3005056B02320)
application.security.checkPermission
(object=request.navid,permission='view') = 1
request.navid = 26EE61E1-29E5-11DE-9DFF005056B02320
But the following query returns -1.00
SELECT barnaclevalue
FROM farBarnacle
WHERE (roleid = '26234160-FFAE-11DD-ACA3005056B02320') - SalesA
AND (permissionid = '2521D6F0-FFAE-11DD-ACA3005056B02320') -
View
AND (referenceid = '26EE61E1-29E5-11DE-9DFF005056B02320') -
SalesB Nav ID
For Anon... returns : 0.00
SELECT barnaclevalue
FROM farBarnacle
WHERE (roleid = 261C1571-FFAE-11DD-ACA3005056B02320) - ANONYMOUS
AND (permissionid = '2521D6F0-FFAE-11DD-ACA3005056B02320') -
View
AND (referenceid = '26EE61E1-29E5-11DE-9DFF005056B02320') -
SalesB Nav ID
UpdateApp does not fix.
In the webtop permissions for anon on that node are inheirit(deny) for
all listed.
On Dec 16, 2:20 pm, Blair McKenzie <[email protected]> wrote:
> It could be a bug in genericnav. Are the users able to actually view those
> restricted nodes? In theory there could be a bug in the menu where they can
> see the option but not be able to view the page.
>
> Debugging from the other direction - you could dump
> application.security.getCurrentRoles() to get the role id's assigned to the
> current user.
> application.security.checkPermission(object=navid,permission="view") gives
> you the view permission as FarCry has calculated it.
>
> Blair
>
>
>
> On Thu, Dec 17, 2009 at 8:59 AM, Chris Roth <[email protected]> wrote:
> > My test user (FarUD) is assigned to one group 'SalesA' (FarUD)
> > The Role 'SalesA' has the groups 'SalesA' (FarUD) and SalesA
> > (ActiveDUD) associated.
> > The Role 'SalesA' has no assigned permissions.
>
> > The navigation
>
> > Home
> > -- SalesPortal - Anonymous View Denied, SalesA,B,C roles view is
> > granted
> > - ToolKits - SalesA,B,C roles view is granted
> > - SalesA - Sales A view granted, B&C - denied
> > - SalesB - Sales B view granted, A&C - denied
> > - SalesC - Sales C view granted, B&C - denied
>
> > If I try to go towww.../SalesPortal/ToolKitsI am asked to login
> > (good... ) When I login as SalesA user, I am grated access but I see
> > SalesA, SalesB and SalesC navs in the left side menu below toolkits,
> > Based on the above, I should only see SalesA subnav. Correct?
>
> > I have confirmed the permissions and updated app... still I see the
> > sibling nodes that I should not.
>
> > On Dec 15, 6:53 pm, Blair McKenzie <[email protected]> wrote:
> > > Do any of these users have a role that grant's permission? Permissions
> > are
> > > aggregated across roles, including anonymous.
>
> > > Blair
>
> > > On Tue, Dec 15, 2009 at 10:18 AM, Chris Roth <[email protected]>
> > wrote:
> > > > I seem to be having a problem "hiding" some menu items.
>
> > > > Here's a brief overview..
>
> > > > I have a dmNav below home called "SalesPortal" with anonymous view to
> > > > deny
>
> > > > I have three groups+roles SalesA, SalesB, SalesC (product lines) with
> > > > view permissions to SalesPortal set explicity to grant.
>
> > > > Below SalesPortal I have a dmNav called ToolKits, all three groups
> > > > have view "inherited" from SalesPortal
>
> > > > Below ToolKits I have
>
> > > > ProductsA
> > > > ProductsB
> > > > ProductsC
>
> > > > These navs have view permissions explicity set based on the Role.
>
> > > > Only SalesA should see the ProductsA, etc in the "utlity" nav on a 2
> > > > column display
>
> > > > Using a test user assigned to group SalesA I access SalesPortal, then
> > > > ToolKits but I see all three Products Navs.
>
> > > > The tag on the dmHTML webskin being used looks like this:
>
> > > > <skin:genericNav navID="#request.navid#"
> > > > functionMethod="getBloodline"
>
> > functionArgs="jointable=""dmNavigation"",status=""#request.mode.lvalidstatus#"""
> > > > id="nav-secondary"
> > > > startlevel="3"
> > > > bActive="true"
> > > > bFirst="1"
> > > > bHideSecuredNodes ="true">
>
> > > > Shouldnt this be hiding ProductsB and ProductsC dmNavs based on my
> > > > user's group's role's explicit deny on those navs?
>
> > > > --
> > > > You received this message cos you are subscribed to "farcry-dev" Google
> > > > group.
> > > > To post, email: [email protected]
> > > > To unsubscribe, email:
> > > > [email protected]<farcry-dev%2bunsubscr...@googlegroups.com>
> > <farcry-dev%2bunsubscr...@googlegroups.com>
> > > > For more options:http://groups.google.com/group/farcry-dev
> > > > --------------------------------
> > > > Follow us on Twitter:http://twitter.com/farcry-Hide quoted text -
>
> > > - Show quoted text -
>
> > --
> > You received this message cos you are subscribed to "farcry-dev" Google
> > group.
> > To post, email: [email protected]
> > To unsubscribe, email:
> > [email protected]<farcry-dev%2bunsubscr...@googlegroups.com>
> > For more options:http://groups.google.com/group/farcry-dev
> > --------------------------------
> > Follow us on Twitter:http://twitter.com/farcry- Hide quoted text -
>
> - Show quoted text -
--
You received this message cos you are subscribed to "farcry-dev" Google group.
To post, email: [email protected]
To unsubscribe, email: [email protected]
For more options: http://groups.google.com/group/farcry-dev
--------------------------------
Follow us on Twitter: http://twitter.com/farcry
