> What is the behaviour of slide with this configuration?
But I can use other user account to access the /cnc/cidax
I've now added a new line under manage permission
<permission
action="/actions/read" subject="/users/wah" inheritable="false"/>
Maybe I attach my Domain.xml as well.. Thanks
> I would expect, that only wah has manage permissions to
> /cnc/cidax, but he has no read permissions.
> How do you manage something, you can't see?
>
> Martin
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
<?xml version="1.0"?>
<slide logger="org.apache.slide.util.logger.SimpleLogger" logger-level="6"
default="slide">
<!--
logger
~~~~~~
org.apache.slide.util.logger.SimpleLogger
default logger with 1 log level
log4j.Log4jLogger
logger with fine granularity
see http://jakarta.apache.org/log4j/
logger-level
~~~~~~~~~~~~
0 EMERGENCY
1 CRITICAL
2 ERROR
4 WARNING
6 INFO
7 DEBUG
-->
<namespace name="slide">
<!-- ### Memory Configuration ###
The following memory configuration uses the MemoryDescriptorsStore
for node,security,locks and revisions. For content the FileContentStore
is used. Content is reset before start.
-->
<!--
<definition>
<store name="memory">
<nodestore classname="slidestore.reference.MemoryDescriptorsStore">
</nodestore>
<securitystore>
<reference store="nodestore" />
</securitystore>
<lockstore>
<reference store="nodestore" />
</lockstore>
<revisiondescriptorsstore>
<reference store="nodestore" />
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore" />
</revisiondescriptorstore>
<contentstore classname="slidestore.reference.FileContentStore">
<parameter name="rootpath">contentstore</parameter>
<parameter name="version">false</parameter>
<parameter name="resetBeforeStarting">true</parameter>
</contentstore>
</store>
<scope match="/" store="memory" />
</definition>
-->
<!-- ### JDBC Configuration ###
The following jdbc sample configuration uses the hsql Database Engine
a relational database engine written in Java, for more info:
http://hsqldb.sourceforge.net/
-->
<definition>
<store name="jdbc">
<nodestore classname="slidestore.reference.JDBCDescriptorsStore">
<parameter name="driver">org.hsqldb.jdbcDriver</parameter>
<parameter
name="url">jdbc:hsqldb:/usr/local/jakarta-tomcat-4.0.1/webapps/slide/slidestructure</parameter>
<parameter name="user">sa</parameter>
<parameter name="password"></parameter>
</nodestore>
<securitystore>
<reference store="nodestore" />
</securitystore>
<lockstore>
<reference store="nodestore" />
</lockstore>
<revisiondescriptorsstore>
<reference store="nodestore" />
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore" />
</revisiondescriptorstore>
<contentstore classname="slidestore.reference.FileContentStore">
<parameter
name="rootpath">/usr/local/jakarta-tomcat-4.0.1/webapps/slide/contentstore</parameter>
<parameter name="version">true</parameter>
<parameter name="resetBeforeStarting">false</parameter>
</contentstore>
</store>
<scope match="/" store="jdbc" />
</definition>
<!--
<definition>
<store name="jdbc">
<nodestore classname="slidestore.reference.JDBCDescriptorsStore">
<parameter name="driver">org.hsqldb.jdbcDriver</parameter>
<parameter name="url">jdbc:hsqldb:slidestructure</parameter>
<parameter name="user">sa</parameter>
<parameter name="password"></parameter>
</nodestore>
<securitystore>
<reference store="nodestore" />
</securitystore>
<lockstore>
<reference store="nodestore" />
</lockstore>
<revisiondescriptorsstore>
<reference store="nodestore" />
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore" />
</revisiondescriptorstore>
<contentstore classname="slidestore.reference.FileContentStore">
<parameter
name="rootpath">/usr/local/jakarta-tomcat-4.0.1/webapps/slide/contentstore</parameter>
<parameter name="version">true</parameter>
<parameter name="resetBeforeStarting">false</parameter>
</contentstore>
</store>
<scope match="/" store="jdbc" />
</definition>
-->
<!-- ### Mixed JDBC - Filesystem ###
stores: slidestore.reference.JDBCDescriptorsStore
slidestore.reference.FileContentStore
!!! set resetBeforeStarting parameter for FileContentStore to false !!!
-->
<!-- ### Cloudscape configuration (embedded database) ###
stores: slidestore.cloudscape.CloudscapeDescriptorsStore
slidestore.cloudscape.CloudscapeContentStore
driver: COM.cloudscape.core.JDBCDriver
url: jdbc:cloudscape:slidestructure;create=true
jdbc:cloudscape:slidecontent;create=true
-->
<!-- ### Oracle configuration (thin driver) ###
stores: slidestore.reference.JDBCDescriptorsStore
slidestore.oracle.OracleContentStore
driver: oracle.jdbc.OracleDriver
url: jdbc:oracle:thin:@localhost:1521:slide
-->
<configuration>
<!-- Actions mapping -->
<default-action>/actions</default-action>
<read-object>/actions/read</read-object>
<create-object>/actions/write</create-object>
<remove-object>/actions/write</remove-object>
<grant-permission>/actions/manage</grant-permission>
<revoke-permission>/actions/manage</revoke-permission>
<read-permissions>/actions/manage</read-permissions>
<lock-object>/actions/write</lock-object>
<kill-lock>/actions/manage</kill-lock>
<read-locks>/actions/read</read-locks>
<read-revision-metadata>/actions/read</read-revision-metadata>
<create-revision-metadata>/actions/write</create-revision-metadata>
<modify-revision-metadata>/actions/write</modify-revision-metadata>
<remove-revision-metadata>/actions/write</remove-revision-metadata>
<read-revision-content>/actions/read</read-revision-content>
<create-revision-content>/actions/write</create-revision-content>
<modify-revision-content>/actions/write</modify-revision-content>
<remove-revision-content>/actions/write</remove-revision-content>
<!-- Paths configuration -->
<userspath>/users</userspath>
<guestpath>guest</guestpath>
<filespath>/ocf</filespath>
<filespath>/cnc</filespath>
<!-- <filespath>/cnc/cidax</filespath>-->
<filespath>/public</filespath>
<parameter name="dav">true</parameter>
<parameter name="standalone">true</parameter>
<!-- Roles definition -->
<role name="root">slideroles.basic.RootRole</role>
<role name="user">slideroles.basic.UserRole</role>
<role name="guest">slideroles.basic.GuestRole</role>
<!-- Users management -->
<auto-create-users>true</auto-create-users>
<!-- Default properties mapping -->
<default-property name="foo" namespace="nsfoo/" value="bar"
role="user"/>
<default-property name="password" namespace="slide/" value=""
role="user"/>
</configuration>
<data>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
<!-- Subject can be:
self "~"
all "nobody"
user "/users/john"
group "+/users/groupA"
role "root"
-->
<!-- Uncomment the following line to give all permissions to
principals have the root role -->
<!-- <permission action="/actions" subject="root"/> -->
<permission action="/actions" subject="/users/root"/>
<permission action="/actions/read" subject="/users"
inheritable="false"/>
<permission action="/actions/read" subject="nobody"
inheritable="false"/>
<!-- /users -->
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users">
<permission action="/actions" subject="~"/>
<permission action="/actions" subject="/users/guest"
inheritable="true" negative="true"/>
<permission action="/actions/read" subject="/users"
inheritable="false"/>
<!-- Permission group example -->
<objectnode classname="org.apache.slide.structure.GroupNode"
uri="/users/OCF">
<!-- <objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/OCF/john" linkedUri="/users/john" />-->
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/OCF/anson" linkedUri="/users/anson" />
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/OCF/woodas" linkedUri="/users/woodas" />
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/OCF/holmes" linkedUri="/users/holmes" />
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/OCF/root" linkedUri="/users/root" />
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/OCF/singleGroupMember" />
</objectnode>
<objectnode classname="org.apache.slide.structure.GroupNode"
uri="/users/CNC">
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/CNC/klwong" linkedUri="/users/klwong" />
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/CNC/wah" linkedUri="/users/wah" />
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/CNC/kcchan" linkedUri="/users/kcchan" />
<objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/CNC/root" linkedUri="/users/root" />
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/CNC/singleGroupMember" />
</objectnode>
<!-- /users/root represents the administrator -->
<objectnode classname="slideroles.basic.RootRoleImpl"
uri="/users/root">
<revision>
<property name="password">root</property>
</revision>
</objectnode>
<!-- /users/john represents an authenticated user -->
<!-- <objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/john">
<revision>
<property name="password">john</property>
</revision>
</objectnode>
-->
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/klwong">
<revision>
<property name="password">klwong</property>
</revision>
</objectnode>
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/anson">
<revision>
<property name="password">anson</property>
</revision>
</objectnode>
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/wah">
<revision>
<property name="password">wah</property>
</revision>
</objectnode>
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/woodas">
<revision>
<property name="password">woodas</property>
</revision>
</objectnode>
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/holmes">
<revision>
<property name="password">holmes</property>
</revision>
</objectnode>
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/kcchan">
<revision>
<property name="password">kcchan</property>
</revision>
</objectnode>
<!-- /users/guest represents an authenticated or unauthenticated
guest user -->
<objectnode classname="slideroles.basic.GuestRoleImpl"
uri="/users/guest">
<revision>
<property name="password"></property>
</revision>
</objectnode>
</objectnode>
<objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions">
<objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions/read"/>
<objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions/write"/>
<objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions/manage"/>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/ocf">
<!-- ### Give read/write/manage permission to guest ###
Uncomment the following line to give permission to do
all actions on /ocf to guest (unauthenticated users) -->
<!-- <permission action="/actions" subject="/users/guest"/> -->
<permission action="/actions/manage" subject="/users/anson"/>
<permission action="/actions/read" subject="+/users/OCF"/>
<permission action="/actions/write" subject="+/users/OCF"/>
<permission action="/actions/read" subject="/users/wah"/>
<!-- <permission action="/actions/read" subject="nobody"/>-->
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/cnc" >
<!-- ### Give read/write/manage permission to guest ###
Uncomment the following line to give permission to do
all actions on /cnc to guest (unauthenticated users) -->
<!-- <permission action="/actions" subject="/users/guest"/> -->
<permission action="/actions/manage" subject="/users/wah"
inheritable="false"/>
<permission action="/actions/read" subject="+/users/CNC"
inheritable="false"/>
<permission action="/actions/write" subject="+/users/CNC"
inheritable="false"/>
<permission action="/actions/read" subject="/users/anson"
inheritable="false"/>
<!-- <permission action="/actions/read" subject="nobody"/>-->
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/cnc/cidax">
<!-- ### Give read/write/manage permission to guest ###
Uncomment the following line to give permission to do
all actions on /cnc/cidax to guest (unauthenticated users) -->
<!-- <permission action="/actions" subject="/users/guest"/> -->
<permission action="/actions/manage" subject="/users/wah"
inheritable="false"/>
<permission action="/actions/read" subject="/users/wah" inheritable="false"/>
<!-- <permission action="/actions/read" subject="nobody"/>-->
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/public">
<!-- ### Give read/write/manage permission to guest ###
Uncomment the following line to give permission to do
all actions on /public to guest (unauthenticated users) -->
<permission action="/actions" subject="/users/guest"/>
<permission action="/actions" subject="nobody"/>
</objectnode>
</objectnode>
</data>
</namespace>
</slide>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
