Ok, I just commented out in Domain.xml the default permissions for all users
for /files

<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <!--<permission action="/actions/write" subject="/roles/user" inheritable="true"/>-->
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
</objectnode>


Now, every time I create a new folder under /files I specify the proper
permissions (i.e. deny all for /slide/roles/user and grant all to the
"owner" /slide/users/usernamehere; remember that the order is very
important -first match=rule applied- verify the right order with a
webdav client).

I wrote "owner" because in my case the real owner is
always /slide/users/root but the "fake" owner is which have all
permissions granted.

FYI, I'm not denying "read" to everybody in /files, so this way a user
with several folders under /files can list all of them without a
problem.


Hope this helps

Carlos


On Wed, 2005-07-13 at 09:46 +0700, gaLihhari wrote:
> Hi Carlos,
> 
> Now I'm getting the same problem as you were.
> May I ask you to give me some example of how to remove read access for
> everybody... in /slide/files
> 
> 
> I've tried to remove privileges of /roles/user but it makes everybody unable
> to access it, even root.
> 
> 
> Any suggestion?
> 
> Thanks,
> 
> 
> 
> > Hi all.
> >
> > I'm developing my first webdav application so I'm a total newbie at this.
> > Basically it is a scholar module where I want to create folders for each
> > subject; the teacher must have full access (read & write) and the
> > students read only, but important: restricted to his/her courses.
> >
> > Let me review what I have done:
> >
> > For instance the default configuration allows everybody to write inside
> > the "files" directory, so I have removed this.
> >
> > The root user is part of the users role, and I think that is not desired in
> > my case because root must have full access to everything and if I use
> > some deny involving the users role, root will be affected too; so I
> > removed root from the users role.
> >
> > I have created a folder for MA123 (Math) as root and gave full access
> > to john; now john can read and write on his folder perfectly but a problem
> > still remains: everybody has read access* to MA123 (yeah, I have a
> > copyright issue), so how can I deny read access to everybody else except
> > john and his students? I suppose there must be a way to do a deny all
> > and then grant the students (individually or by group).
> >
> > *By default everybody has read access from "/", apparently because a
> > user needs to read roles/actions, but it's inherited by "files" and I
> > can't get rid of it, because several errors appear if I do.
> >
> > ACL for /slide/files/MA123:
> > ------------------------------------------------------------
> > granted to /slide/users/john    (not protected)   (not inherited)
> >    DAV:all
> > granted to unauthenticated    (not protected)   (inherited from
> > '/slide/files')
> >    DAV:all
> > granted to property    (not protected)   (inherited from '/slide/files')
> >    DAV:read-acl
> > granted to /slide/roles/root    (not protected)   (inherited from
> > '/slide/')
> >    DAV:all
> > denied to all    (not protected)   (inherited from '/slide/')
> >    DAV:read-acl
> >    DAV:write-acl
> >    DAV:unlock
> > granted to /slide/roles/user    (not protected)   (inherited from
> > '/slide/')
> >    DAV:read
> > ------------------------------------------------------------
> >
> > Any ideas on how I can configure the right ACLs?
> >
> > Thanks in advance
> > Carlos
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> 
> 
> 
> 
> --
> Galih Hari Wibowo
> Lab IBS - Teknik Informatika ITS
> 
> 
> YM : gaLihhari
> [EMAIL PROTECTED] : [EMAIL PROTECTED]
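
A simplified model of the "first match = rule applied" ordering described in the reply above, as an added example that is not part of the original messages or of Slide's own code. It assumes the folder's ACL is read back as an RFC 3744 DAV:acl property, that role membership is supplied by the caller, and that a request matching no ACE is denied; the student "mary" is hypothetical.

```python
import xml.etree.ElementTree as ET

D = "{DAV:}"

# Constructed DAV:acl property (RFC 3744 layout) for a folder such as
# /slide/files/MA123: the owner grant comes first, then the role-wide deny.
ACL_OWNER_FIRST = """<D:acl xmlns:D="DAV:">
  <D:ace>
    <D:principal><D:href>/slide/users/john</D:href></D:principal>
    <D:grant><D:privilege><D:all/></D:privilege></D:grant>
  </D:ace>
  <D:ace>
    <D:principal><D:href>/slide/roles/user</D:href></D:principal>
    <D:deny><D:privilege><D:all/></D:privilege></D:deny>
  </D:ace>
</D:acl>"""

# Principals each user matches (assumed role membership; mary is hypothetical).
JOHN = {"/slide/users/john", "/slide/roles/user", "all"}
MARY = {"/slide/users/mary", "/slide/roles/user", "all"}


def parse_aces(acl_xml):
    """Return [(principal, 'grant'|'deny', {privileges})] in document order."""
    aces = []
    for ace in ET.fromstring(acl_xml).findall(D + "ace"):
        who = ace.find(D + "principal")[0]
        # An href principal is identified by its path; the others (all,
        # unauthenticated, ...) by their element name.
        principal = who.text.strip() if who.tag == D + "href" else who.tag[len(D):]
        for kind in ("grant", "deny"):
            node = ace.find(D + kind)
            if node is not None:
                privs = {p[0].tag[len(D):] for p in node.findall(D + "privilege")}
                aces.append((principal, kind, privs))
    return aces


def first_match(aces, principals, privilege):
    """The first ACE naming one of `principals` and covering `privilege` wins."""
    for principal, kind, privs in aces:
        if principal in principals and (privilege in privs or "all" in privs):
            return kind
    return "deny"  # assumption: no matching ACE means no access


def swapped(acl_xml):
    """Same ACEs in the opposite order, to show why the order matters."""
    return list(reversed(parse_aces(acl_xml)))
```

With the owner grant listed first, john is granted and other members of the role are denied; with the two ACEs swapped, the role-wide deny matches john first and locks him out as well.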

