Hi Andrey, Thanks for the response. As we speak I am doing some tests using the Slide Command Line tool (it uses Webdav Client internally). I added a new user (user1) and a new role (role1) using webdav client. I did this using mkcol command on users and roles collection. After that I use Webdav client (proppatchMethod()) to set the property "group-member-set" of role "role1" to include "user1" as member of this role. This seemed to work fine. Also, when I use propfindMethod() from webdav client to check the property value of group-member-set, it shows user1 as a member of role1. After that I use command line tool to login as root and assign "write" permission on a new folder I created under /files to /roles/role1. The command I use is:
grant write on /Slide/files/folder1 to /Slide/roles/role1
If I check acl propery for /Slide/files/folder1, I can see that write permission is assigned to role1 for folder1.
Now, when I login back as user1, I cannot upload a file to the above folder, I get 403 Forbidden error.
A possible reason for 403s might be that you have auto-versioning set but inadequate permissions on the /history folder.
You may also want to check the "current-user-privilege-set" property of folder1 to see if the write permission gets properly propagated from role to user.
HTH Guido
Can you validate that this works for you (I'll appreciate if you can grant permissions using command line tool and validate that the permission works properly). You can use acl command to find the permissions on any folder/file.
thanks,
regards, Krishna
-----Original Message----- From: Andrey Shulinsky [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 04, 2004 12:56 PM To: 'Slide Users Mailing List' Subject: RE: User Authorization based on permissions set to role in Slide2.1
Hi, Krishna!
Everything should work fine in the case you've described. Actually, I'm testing permissions at the moment and it's one of my own test cases. I am using the Security helper directly though, not the client. Haven't you checked the descriptors of the "role1" and the file you're granting access to ensure that "user1" is really in the "group-member-set" property of the role and that the permission is set in the file descriptor?
Yours sincerely, Andrey.
-----Original Message-----
From: Slide Users Mailing List [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 04, 2004 11:50 AM
To: '[EMAIL PROTECTED]'
Subject: User Authorization based on permissions set to role in Slide2.1
Importance: Low
Hi Folks,
I am re-posting this mail since I haven't got any replies yet. I am hoping there is some developer there who might have tried to play around with permissions in Slide2.1M1. My problem is that when I assign some permissions to a role, those permissions are not propogated to the users in that role. If not for permissions what else is the purpose of having roles at all? I am sure it is not just for logical grouping of users. Any help is appreciated ......
thanks in advance ....
regards,
Krishna
-----Original Message-----
From: Krishna Kankipati Sent: Tuesday, August 03, 2004 5:47 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: User Authorization based on permissions set to role in
Slide2.1
Michael,
I was searching the mail archive for some help on
permissions and
came upon this discussion you were having with some developer which
seemed
relevant to my question:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg05056.htm
l
Does slide permissions propogate based on role memberships.
I mean, if
I create a role called "role1", and add a user called
"user1" to it,
will
user1 get all the permissions that are assigned to role1.
I've seen in
my tests that although I gave enough "write" permissions to
"role1",
Slide does not allow "user1" to write unless I add the "write" permission to "user1" itself. Am I missing something or is
it a bug.
What is your opinion on this? I am using Slide 2.1M1 and
command line
client to grant permissions to /Slide/files collection.
thanks
regards, Krishna
Krishna Kankipati Software Engineer SSA Global * 1626 Cole Blvd. Golden, CO 80401, USA * 303-274-3027 Fax: 303-274-3137 * [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
