[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1742) ACLEnforcer - folder.getFolders() gives results for Anonymous user only if child folders have write or manage permission for anonymous (read is not enough)

Mariusz Smykula (JIRA) jira-events at lists.jboss.org
Fri Oct 12 07:20:30 EDT 2007


    [ http://jira.jboss.com/jira/browse/JBPORTAL-1742?page=comments#action_12382047 ] 
            
Mariusz Smykula commented on JBPORTAL-1742:
-------------------------------------------

OK, computeToolAccess has an interesting comment, but why is this method included in ACLInterceptor? I want to access CMS resources from my custom portlet and list them.

 * This is used to filter out cms resources in the CMS Admin tool, so that the user
     * can see only the resources that he has write/manage access to

> ACLEnforcer - folder.getFolders() gives results for Anonymous user only if child folders have write or manage permission for anonymous (read is not enough)
> --------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBPORTAL-1742
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1742
>             Project: JBoss Portal
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Portal CMS
>    Affects Versions: 2.6.2 Final
>         Environment: JBoss 4.2.1
>            Reporter: Mariusz Smykula
>         Assigned To: Sohil Shah
>
> I want to execute simple code from my portlet:
>  Command listCMD = cmsService.getCommandFactory().createFolderGetListCommand("/");
>  mainFolder = (Folder) cmsService.execute(listCMD);
>  LOG.info(mainFolder .getFolders().size()); 
> This is ALWAYS an empty folder list if executed as the Anonymous user. For a real result I need to set the write or manage role for the Anonymous user on all subfolders. Is this correct?
> This happens because ACLEnforcer checks for write or manage permission, but read is enough!
>   for(Iterator itr=specificPermissions.iterator();itr.hasNext();)
>         {
>             Permission specificPermission = (Permission)itr.next();
>             
>             if( (specificPermission.getService().equals("cms")) && 
>                 (specificPermission.getAction().equals("write") || specificPermission.getAction().equals("manage"))
>             )
>             {
>                 for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
>                 {
>                     Permission userPermission = (Permission)itr2.next();
>                     if( (userPermission.getService().equals("cms")) && 
>                         (userPermission.getAction().equals("write") || userPermission.getAction().equals("manage"))
>                     )
>                     {
>                         String pathCriteria = userPermission.findCriteriaValue("path");
>                         if(pathCriteria.equals(path))
>                         {
>                             //this means this user has read access to this path
>                             toolAccess = true;
>                         }
>                     }
>                 }
>             }
>         }
> Is this correct?
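
The distinction under discussion, as an added example that is not part of the original message or of JBoss Portal's code: a self-contained model in which folder listing is filtered by read access while the admin-tool filter keeps requiring write or manage. The `Perm` record, `hasAccess` and `visibleFolders` are hypothetical names; only the `cms` service, the action names and the exact-path match mirror the quoted snippet.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

public class CmsAccessDemo {
    // Hypothetical stand-in for the portal's Permission: service, action, path criterion.
    record Perm(String service, String action, String path) {}

    // Actions the quoted check accepts (admin-tool filtering).
    static final Set<String> TOOL_ACTIONS = Set.of("write", "manage");
    // Assumption of this example: write and manage imply read.
    static final Set<String> READ_ACTIONS = Set.of("read", "write", "manage");

    // True if the user holds a cms permission with an allowed action on exactly this path.
    static boolean hasAccess(List<Perm> userPerms, String path, Set<String> allowed) {
        for (Perm p : userPerms) {
            // path is never null here, so a missing path criterion cannot throw
            if ("cms".equals(p.service()) && allowed.contains(p.action())
                    && path.equals(p.path())) {
                return true;
            }
        }
        return false;
    }

    // Keeps only the child folders the user may see under the given action set.
    static List<String> visibleFolders(List<String> folders, List<Perm> userPerms,
                                       Set<String> allowed) {
        return folders.stream()
                .filter(f -> hasAccess(userPerms, f, allowed))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real portal instance.
        List<String> children = List.of("/default", "/private");
        List<Perm> anonymous = List.of(new Perm("cms", "read", "/default"));
        List<Perm> editor = List.of(new Perm("cms", "write", "/default"),
                                    new Perm("cms", "manage", "/private"));

        System.out.println("anonymous, tool filter: " + visibleFolders(children, anonymous, TOOL_ACTIONS));
        System.out.println("anonymous, read filter: " + visibleFolders(children, anonymous, READ_ACTIONS));
        System.out.println("editor, tool filter:    " + visibleFolders(children, editor, TOOL_ACTIONS));
    }
}
```

Keeping the two action sets separate lets a listing path grant anonymous users read-only visibility without widening what the admin tool exposes.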
