[farcry-dev] Re: Permissions and policy groups

Wed, 09 Jun 2004 17:11:22 -0700

I've been working on the PostgreSQL code and I've recently noticed some weirdness with permissions as well. I've noticed a little discrepancy in the dmPolicyGroup table between MySQL and PostgreSQL installs:

This is from MySQL:

  PolicyGroupId                          PolicyGroupName
              1                                          SysAdmin
              2                                         SiteAdmin  
              3                                            Member  
              5                                      Contributors 
              6                                        Publishers  
              7                                         Anonymous       

and from PostgreSQL:

  policygroupid     policygroupname
              1            SysAdmin
              2           SiteAdmin
              3              Member
              4        Contributors
              5          Publishers
              6           Anonymous

notice how in MySQL there is no id of 4? That little shift messes (at least) with the policy group mappings, which I believe in the installer maps using the ids.

I've traced it down to the farcry_core/packages/security/authorization.cfc file where you can create a policy group (createPolicyGroup). Both Oracle and PostgreSQL use sequences for their auto incrementing columns. The code for both Oracle and PostgreSQL would always use the next sequence number even if a policyGroupId was passed to the method. The result is the 1-6 that you see without the missing 4. In the farcry_core/admin/install/dmSec_files/policyGroups.wddx, which this data is based on, you'll notice the missing 4.

Here is the new code for Oracle and PostgreSQL for the authorization.cfc file starting at line 318. Please note I don't have access to Oracle so I can't verify if it works. You could either reinstall or just update the policyGroupId values in the table.
case "ora":
{
	sql = "
		INSERT INTO #application.dbowner##stPolicyStore.PolicyGroupTable# (policyGroupName,policyGroupNotes,policyGroupID)
		VALUES
		('#arguments.PolicyGroupName#' ,'#arguments.PolicyGroupNotes#'";
		if (isDefined("arguments.policyGroupId")) {
		  sql = sql & ",#arguments.policyGroupId#";
		} else {
		  sql = sql & ",DMPOLICYGROUP_SEQ.nextval";
		}
		sql = sql & ")";;
	break;	
}
case "postgresql":
{
	sql = "
	INSERT INTO #application.dbowner##stPolicyStore.PolicyGroupTable# ( policyGroupName,policyGroupNotes ";
	if (isDefined("arguments.policyGroupId"))
		sql = sql & ",policyGroupId";
	sql = sql & ")	
	VALUES
	('#arguments.PolicyGroupName#' ,'#arguments.PolicyGroupNotes#'";
	if (isDefined("arguments.policyGroupId"))
		sql = sql & ",#arguments.policyGroupId#";
	sql = sql & ")";	
	break;	
}

--Kyle


Kyle Singer
Lead Web Developer
Whitman College
[EMAIL PROTECTED]



Geoff Bowers wrote:
If this is the case it should be relatively easy to fix.  You should be able to export and import policies from the security area.  Would be good to see if this is common across all db type installs (and then when the error was introduced :)

-- geoff
http://www.daemon.com.au/

Nathan Mische wrote:
I actually talked with Alex and confirmed he had the same policy group
permissions problems that I have. We are both deploying on Oracle, but I
doubt that is the issue. I have a feeling there is something amiss in
the farcry_core/admin/install/dmSec_files/permissionBarnacle.csv file. I
will have to do some more investigation, but my hunch is a couple of the
policyGroupIDs got switched around in the permissionBarnacle.csv.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan Mische
Sent: Wednesday, June 09, 2004 1:58 PM
To: FarCry Developers
Subject: [farcry-dev] RE: Permissions and policy groups

Alex, can you confirm you have the same problem? You can easily check by seeing the the Anonymous policy group has the Admin permission under Security -> Policy -> Policy Group Permissions.

I think I have the right policy group permissions set up now, but the wrong permissions were propogated throughout my site tree before I noticed the problem...

--Nathan

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Alexander Park
Sent: Wednesday, June 09, 2004 1:40 PM
To: FarCry Developers
Subject: [farcry-dev] RE: Permissions and policy groups

How do we fixed this.. I have a brand new install.  Is there a information on what permission do each group gets so I can fix this.

Alex


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf

Of Nathan
Mische
Sent: Tuesday, June 08, 2004 10:11 PM
To: FarCry Developers
Subject: [farcry-dev] Permissions and policy groups


I apologize if this has been covered before, I think it has, but has anyone noticed weird permissions being assigned to policy

groups after
a new installation?

From what I can tell the Anonymous policy group is assigned Publisher
permissions, Publishers are assigned Contributor permissions, and Contributors are assigned Anonymous permissions. The other groups (Members, Site Admin and System Admin) look correct.

Thanks,

Nathan Mische
Director of Web Development
The Foundation for Better Health Care
www.fbhc.org
phone: 646-383-1014
fax: 212-835-2146
e-mail: [EMAIL PROTECTED]


---
You are currently subscribed to farcry-dev as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/ 

---

You are currently subscribed to farcry-dev as: [EMAIL PROTECTED]

To unsubscribe send a blank email to [EMAIL PROTECTED]

Aussie Macromedia Developers: http://lists.daemon.com.au/

Reply via email to