Re: My "dirty" solution to set non-inheritable privileges using webdav client

Mon, 25 Jul 2005 07:24:13 -0700 

Hello,
It does not work for me, even with the read permission on /files (and on the full path). I wonder if Slide manages non inheritable permissions even with the acl_inheritance_type parameter ? 

Thomas

Maximo Gurmendez wrote:


I've tried something similar, and worked well through the domain.xml, 
however I need to add this privilege without restarting the 
application (through webdav).



I recall I had a similar problem on a folder, say, /files/afolder and 
the problem was that it needed to have /files read permission (not 
inherited)


Regards,
  Maximo



----- Original Message ----- From: "Thomas Bellembois" 
<[EMAIL PROTECTED]>

To: "Slide Users Mailing List" <slide-user@jakarta.apache.org>
Sent: Monday, July 25, 2005 7:35 AM

Subject: Re: My "dirty" solution to set non-inheritable privileges 
using webdav client




Hello,

It does not seem to work either.
I have the same problem.
When I put the following permission on a resource :
<permissions>

<permission subjectUri="/users/bourges" actionUri="/actions/write" 
inheritable="true" negative="false" />

</permissions>


The user "bourges" can write but if I change the inheritable="true" 
into "false" it does not work anymore.



I have tried many configurations in my Domain.xml for the 
acl_inheritance_type parameter.


Any idea ?

Thanks.

Thomas


Miguel Figueiredo wrote:



Good morning,


Have you checked the following parameter?


<parameter name="acl_inheritance_type">[path|0|1|...]</parameter>


It’s configurable in the Domain.xml


Hope this helps,

Miguel Figueiredo



-----Original Message-----

From: Maximo Gurmendez [mailto:[EMAIL PROTECTED] Sent: 
segunda-feira, 25 de Julho de 2005 5:20

To: Slide Users Mailing List

Subject: My "dirty" solution to set non-inheritable privileges using 
webdav

client


I've modified the createNodePermissionList method from
org.apache.slide.webdav.method.AclMethod class as pasted below.


For doing this I send through webdav a new privilege 
"read-noninheritable"

or "write-noninheritable", and it works fine.


Example, for client:


       Ace a = new Ace("/users/auser");

       a.setInherited(false);

       a.addPrivilege(new
Privilege("ECADEMICUS:","read-noninherited","inherit"));

       a.setProtected(false);

       a.setNegative(false);

       Ace[] aces = new Ace[1];

       aces[0]=a;

       boolean ok = res.aclMethod("/files/afolder",aces);


Maybe it is not the best, but it was suggested as a posibility. Maybe
someone knows of a better way.


Many thanks,

    Máximo


Ing. Máximo Gurméndez

IT Applications Integrator

The British Schools, Montevideo

Máximo Tajes 6400

Tel. 6003421 int. 136

email: [EMAIL PROTECTED]




---------------------------------------------------------------------------- 


----




private List createNodePermissionList( Element aceElm ) throws
PreconditionViolationException, SlideException, JDOMException {

       List result = new ArrayList();

       String objectUri = resourcePath;

       String subjectUri = null;

       String actionUri = null;

       boolean negative = false;

       boolean invert = false;


       // ACE principal

       Element principalElm = aceElm.getChild(E_PRINCIPAL, DNSP);

       if (principalElm == null) {

           Element invertElm = aceElm.getChild(E_INVERT, DNSP);

           if (invertElm != null) {

               invert = true;

               principalElm = invertElm.getChild(E_PRINCIPAL, DNSP);

           }

       }

       if (principalElm != null) {

           subjectUri = createSubjectUri(principalElm);

       }

       else {

           throw new PreconditionViolationException(

               new ViolatedPrecondition("missing-ace-principal",
WebdavStatus.SC_BAD_REQUEST), resourcePath

           );

       }


       // ACE grant and deny

       Element grantDenyElm = null;

       Element grantElm = aceElm.getChild(E_GRANT, DNSP);

       Element denyElm = aceElm.getChild(E_DENY, DNSP);

       if (grantElm != null && denyElm == null) {

           grantDenyElm = grantElm;

       }

       else if (grantElm == null && denyElm != null) {

           negative = true;

           grantDenyElm = denyElm;

       }

       else if(grantElm != null && denyElm != null) {

           throw new PreconditionViolationException(

               new ViolatedPrecondition("only-grant-or-deny-allowed",
WebdavStatus.SC_BAD_REQUEST), resourcePath

           );

       }

       else if(grantElm == null && denyElm == null) {

           throw new PreconditionViolationException(

               new ViolatedPrecondition("missing-grant-or-deny",
WebdavStatus.SC_BAD_REQUEST), resourcePath

           );

       }

       Iterator privilegeIt = grantDenyElm.getChildren(E_PRIVILEGE,
DNSP).iterator();


       while (privilegeIt.hasNext()) {

           Element privilegeElm = (Element)privilegeIt.next();

           actionUri = createActionUri(privilegeElm);

           if (actionUri == null) {

               throw new PreconditionViolationException(

                   new ViolatedPrecondition("not-supported-privilege",
WebdavStatus.SC_BAD_REQUEST), resourcePath

               );

           }

           else {

               //begin add ecademicus

               boolean inherit=true;

               if (actionUri.endsWith("-noninherited")) {

                   inherit=false;

                   actionUri=actionUri.replaceAll("-noninherited","");

               }

               //end add ecademicus



               //NodePermission np = new NodePermission(objectUri,
subjectUri, actionUri, true, negative);

               // mod ecademicus

               NodePermission np = new NodePermission(objectUri,
subjectUri, actionUri, inherit, negative);

               np.setInvert(invert);

               result.add(np);

           }

       }




       return result;

   }






--
+---=(    Thomas Bellembois    )=---+
| CRI - University of Rennes 1 - FR |
| [EMAIL PROTECTED] |
| +33 2 23 23 69 60                 |
+-----------------------------------+


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
+---=(    Thomas Bellembois    )=---+
| CRI - University of Rennes 1 - FR |
| [EMAIL PROTECTED] |
| +33 2 23 23 69 60                 |
+-----------------------------------+


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to