James Mason wrote:
Comments below.
Carlos Villegas wrote:
Hi,
I've been doing some tests with ACLs and it seems to me that write privilege implies write-acl. Is that the way is suppose to be?
I'm using the Slide 2.0 release.
This is the way it's supposed to be. Take a look at the <data> section of your Domain.xml file. You'll see that many of the /actions nodes are composites of other nodes. This means many /actions, such as read, write and all, are really shortcuts so that you don't have to assign six different capabilities just to get the standard behavior.
Yes, I get it now: write gives all the write accesses and read does likewise. I was just surprised to find that the default permissions in Domain.xml were granting write-acl to /roles/user on the /files collection while allowing read-acl only to the owner of the resource.
It's probably a mistake in Domain.xml, at least I wouldn't set it that way. I'll correct my own Domain.xml.
There seems to be some bug on writing ACLs through the command line client. But I think it's a different issue. Sometimes all the non-inherited ACEs are deleted when I issue a grant command and afterwards only the one granted remains.
Which version of the client and server are you using? There was a bug in the server that could cause this, but it should be squashed in the latest release (2.1b1).
2.0. I'll upgrade during the following days and I'll report whether the issue is still there.
Thanks,
Carlos
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
