Re: ACL permissions

[Denis Zvonov]

Hi!
Bertrand Tignon wrote:
Hello !
I'm trying to understand how permissions work with Slide using its API and I 
have a few questions about it.
1) In the Privilege class there are 5 statics fields : ALL, READ, WRITE, READ_ACL, WRITE_ACL but I don't understand the difference between WRITE and WRITE_ACL, READ and READ_ACL.
 

see specs http://www.webdav.org/specs/rfc3744.html
2) A privilege can only be one of these 5 fields or can we build other privileges ?
 

There are other privileges like "bind", "unbind" and so on see specs 
above and Domain.xml where all privileges are defined inside
<objectnode classname="org.apache.slide.structure.ActionNode" 
uri="/actions">  element.
You can also declare custom privileges under this node. They could be 
mapped to Slide actions in Domain.xml. Here is the example how we do:

   <namespace name="slide">
.........................................................
      <configuration>
           <!-- Actions mapping -->
           <read-object>/actions/read</read-object>
           <create-object>/actions/sp-create-object</create-object>
           <remove-object>/actions/sp-delete-object</remove-object>
           <grant-permission>/actions/write-acl</grant-permission>
           <revoke-permission>/actions/write-acl</revoke-permission>
           <read-permissions>/actions/read-acl</read-permissions>
           
<read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions>
           <lock-object>/actions/sp-modify</lock-object>
           <kill-lock>/actions/unlock</kill-lock>
           <read-locks>/actions/read</read-locks>
           <read-revision-metadata>/actions/read</read-revision-metadata>
           
<create-revision-metadata>/actions/sp-create-properties</create-revision-metadata>
           
<modify-revision-metadata>/actions/write-properties</modify-revision-metadata>
           
<remove-revision-metadata>/actions/write-properties</remove-revision-metadata>
           <read-revision-content>/actions/read</read-revision-content>
           
<create-revision-content>/actions/sp-create-content</create-revision-content>
           
<modify-revision-content>/actions/write-content</modify-revision-content>
           
<remove-revision-content>/actions/write-content</remove-revision-content>
           <bind-member>/actions/bind</bind-member>
           <unbind-member>/actions/unbind</unbind-member>
........
<configuration>

All the privileges, that starts with "sp-" is our custom privileges.
WARNING! Adding you custom privileges should not break standard 
behavior, specified in http://www.webdav.org/specs/rfc3744.html. To meet 
this requirement some other changes in Domain.xml was made. For example:
................
                   <objectnode 
classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
                       <revision>
                           <property 
name="privilege-member-set"><![CDATA[<D:href 
xmlns:D='DAV:'>/actions/sp-modify</D:href> <D:href 
xmlns:D='DAV:'>/actions/sp-delete</D:href><D:href 
xmlns:D='DAV:'>/actions/sp-create</D:href>]]></property>
                       </revision>
                   </objectnode>
...............

And another newbie question, is there a wicki about creating slide users and 
slide roles with the Slide API ?
 

Thanx a lot for your help.
 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]