[farcry-dev] Re: Permissions and policy groups

Thu, 10 Jun 2004 08:56:20 -0700

My concern is that if we allow the createPolicyGroup method to assign the policyGroupID an existing policyGroup could be overwritten very easily. Also, how do we keep the DMPOLICYGROUP and DMPOLICYGROUP_SEQ tables in sync? For example, say I add a policyGroup with the policyGroupID of 70, do I then have to increment the DMPOLICYGROUP_SEQ multiple times to keep it in sync?
 
--Nathan
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Singer
Sent: Thursday, June 10, 2004 10:38 AM
To: FarCry Developers
Subject: [farcry-dev] Re: Permissions and policy groups

You should be able to edit the DMPOLICYGROUP table and fix the IDs to match the first list below. You'll need to update your DMPOLICYGROUP_SEQ sequence, however, since its next number will mostly likely be 7 (conflicting with Anonymous) if you ever create a new policy group. One quick fix for this is to run:

select dmpolicygroup_seq.nextval from dual;

That'll increment it to a safe number. You could even do that a few times if you want to be really safe.

I think another change to the installer will be to have that sequence start at a more safe number like 20 so there is no chance of conflicting with the base install.

--Kyle

On Jun 10, 2004, at 5:48 AM, Nathan Mische wrote:

It looks like you hit the nail on the head. I just checked my DMPOLICYGROUP table in Oracle and it does indeed use 1-6 for the default PolicyGroupIDs. I'm relatively new to Oracle so I'm not sure, would we need to manually adjust the DMPOLICYGROUP_SEQ table with this approach?
Thanks,
--Nathan


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Singer
Sent: Wednesday, June 09, 2004 8:10 PM
To: FarCry Developers
Subject: [farcry-dev] Re: Permissions and policy groups

I've been working on the PostgreSQL code and I've recently noticed some weirdness with permissions as well. I've noticed a little discrepancy in the dmPolicyGroup table between MySQL and PostgreSQL installs:

This is from MySQL:

  PolicyGroupId                          PolicyGroupName
              1                                          SysAdmin
              2                                         SiteAdmin  
              3                                            Member  
              5                                      Contributors 
              6                                        Publishers  
              7                                         Anonymous       

and from PostgreSQL:

  policygroupid     policygroupname
              1            SysAdmin
              2           SiteAdmin
              3              Member
              4        Contributors
              5          Publishers
              6           Anonymous

notice how in MySQL there is no id of 4? That little shift messes (at least) with the policy group mappings, which I believe in the installer maps using the ids.

I've traced it down to the farcry_core/packages/security/authorization.cfc file where you can create a policy group (createPolicyGroup). Both Oracle and PostgreSQL use sequences for their auto incrementing columns. The code for both Oracle and PostgreSQL would always use the next sequence number even if a policyGroupId was passed to the method. The result is the 1-6 that you see without the missing 4. In the farcry_core/admin/install/dmSec_files/policyGroups.wddx, which this data is based on, you'll notice the missing 4.

Here is the new code for Oracle and PostgreSQL for the authorization.cfc file starting at line 318. Please note I don't have access to Oracle so I can't verify if it works. You could either reinstall or just update the policyGroupId values in the table.
case "ora":
{
sql = "
INSERT INTO #application.dbowner##stPolicyStore.PolicyGroupTable# (policyGroupName,policyGroupNotes,policyGroupID)
VALUES
('#arguments.PolicyGroupName#' ,'#arguments.PolicyGroupNotes#'";
if (isDefined("arguments.policyGroupId")) {
sql = sql & ",#arguments.policyGroupId#";
} else {
sql = sql & ",DMPOLICYGROUP_SEQ.nextval";
}
sql = sql & ")";;
break;
}
case "postgresql":
{
sql = "
INSERT INTO #application.dbowner##stPolicyStore.PolicyGroupTable# ( policyGroupName,policyGroupNotes ";
if (isDefined("arguments.policyGroupId"))
sql = sql & ",policyGroupId";
sql = sql & ")
VALUES
('#arguments.PolicyGroupName#' ,'#arguments.PolicyGroupNotes#'";
if (isDefined("arguments.policyGroupId"))
sql = sql & ",#arguments.policyGroupId#";
sql = sql & ")";
break;
}


--Kyle




Kyle Singer
Lead Web Developer
Whitman College
[EMAIL PROTECTED]
---
You are currently subscribed to farcry-dev as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
---
You are currently subscribed to farcry-dev as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/

Reply via email to