[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1742) ACLEnforcer - folder.getFolders() give results for Anonymus user only if child folders have write or manage permssion for anonymous (read is not enough)

Friday, 12 October 2007

    [ http://jira.jboss.com/jira/browse/JBPORTAL-1742?page=comments#action_1238... ] 

Mariusz Smykula commented on JBPORTAL-1742:
-------------------------------------------

Ok, computeToolAccess have interesting comment, but why this method is included in
ACLInterceptor? I want to access CMS resources from my custom portlet and list them.

 * This is used to filter out cms resources in the CMS Admin tool, so that the user
     * can see only the resources that he has write/manage access to

...
 ACLEnforcer - folder.getFolders() give results for Anonymus user only
if child folders have write or manage permssion for anonymous (read is not enough)

--------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: JBPORTAL-1742
                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1742
             Project: JBoss Portal
          Issue Type: Feature Request
      Security Level: Public(Everyone can see) 
          Components: Portal CMS
    Affects Versions: 2.6.2 Final
         Environment: JBoss 4.2.1
            Reporter: Mariusz Smykula
         Assigned To: Sohil Shah

 I want to execute simple code from my portlet:
  Command listCMD =
cmsService.getCommandFactory().createFolderGetListCommand("/");
  mainFolder = (Folder) cmsService.execute(listCMD);
  LOG.info(mainFolder .getFolders().size()); 
 This is ALWAYS empty folders list, if executed as Anonymous user. For real result I need
to set role write or manage for Anonymus user to all subfolders. This is correct?
 This happens because in ACLEnforce there is checked for write or mange permssion, but
read is enough!
   for(Iterator itr=specificPermissions.iterator();itr.hasNext();)
         {
             Permission specificPermission = (Permission)itr.next();

             if( (specificPermission.getService().equals("cms")) && 
                 (specificPermission.getAction().equals("write") ||
specificPermission.getAction().equals("manage"))
             )
             {
                 for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
                 {
                     Permission userPermission = (Permission)itr2.next();
                     if( (userPermission.getService().equals("cms")) &&

                         (userPermission.getAction().equals("write") ||
userPermission.getAction().equals("manage"))
                     )
                     {
                         String pathCriteria =
userPermission.findCriteriaValue("path");
                         if(pathCriteria.equals(path))
                         {
                             //this means this user has read access to this path
                             toolAccess = true;
                         }
                     }
                 }
             }
         }
 This is correct? 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1742) ACLEnforcer - folder.getFolders() give results for Anonymus user only if child folders have write or manage permssion for anonymous (read is not enough)