[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1742) ACLEnforcer - folder.getFolders() give results for Anonymus user only if child folders have write or manage permssion for anonymous (read is not enough)

Mariusz Smykula (JIRA) jira-events at lists.jboss.org
Fri Oct 12 07:14:03 EDT 2007 

ACLEnforcer - folder.getFolders() give results for Anonymus user only if child folders have write or manage permssion for anonymous (read is not enough)
--------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: JBPORTAL-1742
                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1742
             Project: JBoss Portal
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Portal CMS
    Affects Versions: 2.6.2 Final
         Environment: JBoss 4.2.1
            Reporter: Mariusz Smykula
         Assigned To: Sohil Shah


I want to execute simple code from my portlet:

 Command listCMD = cmsService.getCommandFactory().createFolderGetListCommand("/");
 mainFolder = (Folder) cmsService.execute(listCMD);
 LOG.info(mainFolder .getFolders().size()); 

This is ALWAYS empty folders list, if executed as Anonymous user. For real result I need to set role write or manage for Anonymus user to all subfolders. This is correct?

This happens because in ACLEnforce there is checked for write or mange permssion, but read is enough!

  for(Iterator itr=specificPermissions.iterator();itr.hasNext();)
        {
            Permission specificPermission = (Permission)itr.next();
            
            if( (specificPermission.getService().equals("cms")) && 
                (specificPermission.getAction().equals("write") || specificPermission.getAction().equals("manage"))
            )
            {
                for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
                {
                    Permission userPermission = (Permission)itr2.next();
                    if( (userPermission.getService().equals("cms")) && 
                        (userPermission.getAction().equals("write") || userPermission.getAction().equals("manage"))
                    )
                    {
                        String pathCriteria = userPermission.findCriteriaValue("path");
                        if(pathCriteria.equals(path))
                        {
                            //this means this user has read access to this path
                            toolAccess = true;
                        }
                    }
                }
            }
        }

This is correct?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list