Hello Nicolas,
Maybe it works if you change the order of the access rules, especially:
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/public/power">
    <permission action="/actions/read" subject="/roles/Users" inheritable="true" negative="true"/>
    <permission action="/actions/read" subject="/roles/PowerUsers" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/PowerUsers" inheritable="true"/>
</objectnode>
Bob is a member of Users and PowerUsers. I guess the first rule matches for
Bob also: he is a member of Users and Users are not permitted to read.
Try to put the rules for PowerUsers on top. It is a little bit like
configuring a firewall, I think :) If it does not help, try to switch on
debugging in the Domain.xml; the output tells you which rule was applied
to Bob.
regards
thomas
Nicolas Duperré wrote:
Let's say user Bob has two roles "users" and "powerUsers".
How can Bob be able to read/write "/public" AND "/public/power", while Alice, with only the role "Users", is able to read only "/public" AND NOT "/public/power"?
I have tried the following config but Bob cannot read "/public/power":
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/users">
    <revision>
        <property name="group-member-set"><![CDATA[
            <D:href xmlns:D='DAV:'>/users/Bob</D:href>
            <D:href xmlns:D='DAV:'>/users/Alice</D:href>
        ]]></property>
    </revision>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/powerUsers">
    <revision>
        <property name="group-member-set"><![CDATA[
            <D:href xmlns:D='DAV:'>/users/Bob</D:href>
        ]]></property>
    </revision>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/public">
    <permission action="/actions/read" subject="/roles/Users" inheritable="false"/>
    <permission action="/actions/read" subject="/roles/PowerUsers" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/PowerUsers" inheritable="true"/>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/public/power">
        <permission action="/actions/read" subject="/roles/Users" inheritable="true" negative="true"/>
        <permission action="/actions/read" subject="/roles/PowerUsers" inheritable="true"/>
        <permission action="/actions/write" subject="/roles/PowerUsers" inheritable="true"/>
    </objectnode>
</objectnode>
Can this be done? Am I missing something?
Thank you very much
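
Added example, not part of the thread and not Slide's own code: a small model of the first-match evaluation the reply suspects, run over the "/public/power" rules in both orders, plus a check that flags grants overridden by an earlier denial. It assumes first-match-wins with default deny (the reply's guess, not confirmed Slide behaviour) and role URIs spelled as in the permission elements; all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the /public/power node from the thread, denial listed first.
DENY_FIRST = """<objectnode uri="/public/power">
  <permission action="/actions/read" subject="/roles/Users" inheritable="true" negative="true"/>
  <permission action="/actions/read" subject="/roles/PowerUsers" inheritable="true"/>
  <permission action="/actions/write" subject="/roles/PowerUsers" inheritable="true"/>
</objectnode>"""

# Role membership as described in the thread.
ROLES = {"Bob": {"/roles/Users", "/roles/PowerUsers"}, "Alice": {"/roles/Users"}}
ACTIONS = ("/actions/read", "/actions/write")

def load_rules(xml_text):
    """Return permissions in document order as (action, subject, negative)."""
    node = ET.fromstring(xml_text)
    return [(p.get("action"), p.get("subject"), p.get("negative") == "true")
            for p in node.findall("permission")]

def grants_first(rules):
    """Move grants ahead of denials; the stable sort keeps relative order."""
    return sorted(rules, key=lambda r: r[2])

def check(user, action, rules):
    """Assumed model: the first rule matching action and a user role decides."""
    for rule_action, subject, negative in rules:
        if rule_action == action and subject in ROLES[user]:
            return not negative
    return False  # nothing matched: default deny (assumption)

def report(rules):
    """Effective decision for every (user, action) pair."""
    return {(u, a): check(u, a, rules) for u in ROLES for a in ACTIONS}

def shadowed_grants(rules):
    """Grants that an earlier denial of the same action overrides for some user."""
    hits = []
    for i, (action, subject, negative) in enumerate(rules):
        if negative:
            continue
        for d_action, d_subject, d_negative in rules[:i]:
            users = sorted(u for u, r in ROLES.items() if {subject, d_subject} <= r)
            if d_negative and d_action == action and users:
                hits.append((subject, d_subject, users))
    return hits

if __name__ == "__main__":
    original = load_rules(DENY_FIRST)
    for label, rules in (("deny first", original), ("grants first", grants_first(original))):
        print(label, report(rules), shadowed_grants(rules))
```
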