The ACL spec states that you cannot modify an inherited or protected ACE. What about adding a new ACE? I'm not sure. If you add an ACE to a collection, isn't it automatically inheritable? Might that depend on a particular server implementation? I guess no implementation would allow you to add a protected ACE. And maybe the ACL spec should be changed to allow marking a new ACE as inheritable.
Reagrds, Ingo > Ingo, > Why is Ace class exposing its isInherited member variable if cannot > be set explicitly. It also has a mutator method called setIsInherited(). If > value set to false, it works. If set to true it just doesn't do anything > (does not throw error too). Seems like a bug. > > Also, using domain.xml you can create non-inheritable permissions. I have > tried that and it works. All I am asking is if I can achieve the same using > webdav client lib. > > Thanks, > > Krishna > > > -----Original Message----- > From: Ingo Brunberg [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 26, 2004 1:22 AM > To: Slide Users Mailing List > Subject: Re: Adding a non-inheritable permission to a folder using webdav > clie nt lib not working > > You can't set a permission that is inherited. Inherited means the ACE > is really inherited (believe me) from a parent resource. > > In fact you should filter the ACEs with the inherited flag set before > calling the aclMethod(). Luckily the client library does this for you. > > Ingo > > > Hi, > > I have been trying for quiet some time to add a permission to a > > folder using webdav client-lib that does not inherit to the downstream > > folders. I have taken the code from client-lib that is shipped with slide > > and am using slide 2.1 B1. In my code I use the following fragment to > create > > an ACE object and bind it to ACL. > > > > The code works perfectly if 4th parameter (isInherited) is set to false > > > > // Create new ACE object bIsInherited = false > > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > > > > > The code does not work if 4th parameter (isInherited) is set to true. I am > > assuming that you set the 4th parameter to true if you are trying to make > > the permission non-inheritable (not allow it to percolate to the > downstream > > folders). > > > > With 4th parameter set to true, webdav client does not throw any error but > > does not add the permission. Later when I get the ACL for the resource I > > find that the ace has not been added. > > > > Please let me know if I am missing something ... or if it is possible at > all > > to create a permission(ace) in a ACL which does not percolate to > downstream > > folders using webdav client lib. > > > > I found that adding a inheritable(false) permission in domain.xml does the > > job as desired. I am wondering why it is not working from webdav client > lib. > > > > Any help is appreciated !!!!!! > > > > /******************* code fragment *****************************/ > > > > // Fetch ACL from slide for a folder > > AclProperty acl = webDavResource.aclfindMethod(sResourcePath); > > > > // Fetch the ACE's (access control entities) of the existing ACL > > Ace[] aces = acl.getAces(); > > > > // Create new ACE object none exists > > if (aces == null) > > aces = new Ace[0]; > > > > Ace[] oldAces = aces; > > // Create a new ace array (larger then the earlier ace array by 1) > > aces = new Ace[oldAces.length + 1]; > > > > // Copy the old array into the new array > > System.arraycopy(oldAces,0,aces,0,oldAces.length); > > > > // Create new ACE object bIsInherited = true > > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > > > // Copy the new ace into the new ace array > > aces[oldAces.length] = aceMatchingPrincipal; > > > > // Create a new privilege > > Privilege privilegeNew = new Privilege(qnPermission.getNamespaceURI(), > > qnPermission.getLocalName(), null); > > > > // Update the ace object with the new privilege settings > > > > aceNew.addPrivilege(privilegeNew); > > > > // Update repository with new acl for the resource > > bSuccess = webDavResource.aclMethod(sResourcePath, aces); > > > > > > > > Krishna > > (303) 274 3027 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
