[jboss-user] [JBoss Portal] - Re: CMS security not working

DanielGallot do-not-reply at jboss.com
Wed Jan 2 13:42:21 EST 2008


Here is what I understand about "overriding the recursing permissions" (I am only using roles):
For a given directory, if one overrides the read permission, i.e. for at least one role, the read permission is redefined for all the roles (get it if explicitly selected / lose it if explicitly not selected). Also, the write and manage permissions are redefined, even if their selection lists are not modified.
Is that right? (Anyway, it is not so obvious to me - lots of tests to look over those grantings.) The following tests have been done.

Well, first, this does not seem applicable to the "admin" user: it keeps all the rights whatever I give or not to the Administrators role. OK, I keep it apart. So I created "myAdmin" with the "Administrators" role.

Here is what I got with "myAdmin" and the other users and directory we used in the previous posts (users with the same name as the role for each of "myRole" and "myRole2"):
- All the roles have the read permission on "/" except "anonymous" and "users", and "Administrators" have the write and manage permissions.
- I redefined the read permission of "/default": only "anonymous" and "users" have it.
  This is OK: "myRole", "myRole2", "mySupervisor" and "myAdmin" no longer have access to "default" nor to /default/index.html on the home page.
  And they still have access to "/MyTopDirectory".
  Anonymous and users have access to /default/index.html (what happens if a user has "myRole" and "users"?... See that another time, above all for directory access while using the CMS).
- I redefined the write permission on "/MyTopDirectory" to give it to "mySupervisor" (the one that has to organize this directory).
  This is not OK because:
  1) An "access denied" exception happens to "mySupervisor" when trying "create folder" or "upload file" <<<< this is a big problem (1)
  2) "myRole", "myRole2" and "myAdmin" no longer have read access to "/MyTopDirectory".
  "myAdmin" can no longer "create folder" in "/": "java.lang.Exception: Not a valid basePath null".
  But it works if there is another directory it has access to (in the first test, there was no longer any accessible directory) <<<< this is (?) a small problem
- I redefined the read permission on "/MyTopDirectory" to give it to "myRole" and "myRole2", and the manage permission to "Administrators".
  1) "myRole" and "myRole2" did not get the read permission <<<<< this is a big problem (2)
  2) "myAdmin" got the manage permission and the write permission

Please tell me if I can do something to give write access to "/MyTopDirectory" for "mySupervisor" (cf. (1)) and read access to "/MyTopDirectory" for "myRole" and "myRole2" (cf. (2)).
Thanks a lot.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4116498#4116498
