[jboss-jira] [JBoss JIRA] Resolved: (JBPORTAL-1742) ACLEnforcer - folder.getFolders() gives results for Anonymous user only if child folders have write or manage permission for anonymous (read is not enough)

Sohil Shah (JIRA) jira-events at lists.jboss.org
Wed Nov 28 04:07:46 EST 2007


     [ http://jira.jboss.com/jira/browse/JBPORTAL-1742?page=all ]

Sohil Shah resolved JBPORTAL-1742.
----------------------------------

    Resolution: Rejected

Mariusz-

This is actually not a bug. The FolderGetListCommand that comes as part of the core cms codebase is designed to support the CMS Admin tool along with the security semantics that go along with it, provided by the ACLInterceptor and ACLEnforcer.

If you need to access the data outside the context of the CMS Admin tool (which is a custom portlet in your case), a clean solution would be to create your own cms command (basically the same as FolderGetListCommand). This new command will be outside the context of the CMS Admin tool security context and you should be able to get your resources the way your portlet prefers them to be.

> ACLEnforcer - folder.getFolders() gives results for Anonymous user only if child folders have write or manage permission for anonymous (read is not enough)
> --------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBPORTAL-1742
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1742
>             Project: JBoss Portal
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Portal CMS
>    Affects Versions: 2.6.2 Final
>         Environment: JBoss 4.2.1
>            Reporter: Mariusz Smykula
>         Assigned To: Sohil Shah
>             Fix For: 2.6.3 Final
>
>
> I want to execute simple code from my portlet:
>  Command listCMD = cmsService.getCommandFactory().createFolderGetListCommand("/");
>  mainFolder = (Folder) cmsService.execute(listCMD);
>  LOG.info(mainFolder.getFolders().size());
> This is ALWAYS an empty folder list if executed as the Anonymous user. For a real result I need to set the write or manage role for the Anonymous user on all subfolders. Is this correct?
> This happens because ACLEnforcer checks for write or manage permission, but read is enough!
>   for(Iterator itr=specificPermissions.iterator();itr.hasNext();)
>         {
>             Permission specificPermission = (Permission)itr.next();
>             
>             if( (specificPermission.getService().equals("cms")) && 
>                 (specificPermission.getAction().equals("write") || specificPermission.getAction().equals("manage"))
>             )
>             {
>                 for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
>                 {
>                     Permission userPermission = (Permission)itr2.next();
>                     if( (userPermission.getService().equals("cms")) && 
>                         (userPermission.getAction().equals("write") || userPermission.getAction().equals("manage"))
>                     )
>                     {
>                         String pathCriteria = userPermission.findCriteriaValue("path");
>                         if(pathCriteria.equals(path))
>                         {
>                             //this means this user has read access to this path
>                             toolAccess = true;
>                         }
>                     }
>                 }
>             }
>         }
> Is this correct?

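The difference between the admin-tool check quoted in the issue (write or manage on the exact path) and a read-level check that a separate listing command could apply, as an added example that is not part of the original message and not JBoss Portal code. It is a simplified model: `Perm`, `toolAccess`, `readAccess` and `visible` are hypothetical names, treating write and manage as implying read is an assumption, and the sample permissions are constructed (Java 16+ for records).

```java
import java.util.*;

// Simplified model for illustration; none of these types are JBoss Portal classes.
public class FolderListingAcl {
    record Perm(String service, String action, String path) {}

    static final Set<String> TOOL_ACTIONS = Set.of("write", "manage");
    // Assumption: write and manage imply read for listing purposes.
    static final Set<String> READ_ACTIONS = Set.of("read", "write", "manage");

    // Mirrors the quoted loop: only write/manage on the exact path grants access.
    static boolean toolAccess(List<Perm> userPerms, String path) {
        return allowed(userPerms, path, TOOL_ACTIONS);
    }

    // Check a read-only listing command could apply instead.
    static boolean readAccess(List<Perm> userPerms, String path) {
        return allowed(userPerms, path, READ_ACTIONS);
    }

    private static boolean allowed(List<Perm> perms, String path, Set<String> actions) {
        for (Perm p : perms) {
            // path.equals(...) is false for a permission with no path criterion.
            if ("cms".equals(p.service()) && actions.contains(p.action())
                    && path.equals(p.path())) {
                return true;
            }
        }
        return false; // default deny: no matching permission, no listing
    }

    static List<String> visible(List<String> folders, List<Perm> perms, boolean adminTool) {
        List<String> out = new ArrayList<>();
        for (String f : folders) {
            if (adminTool ? toolAccess(perms, f) : readAccess(perms, f)) out.add(f);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: Anonymous may read /public only.
        List<Perm> anonymous = List.of(new Perm("cms", "read", "/public"),
                                       new Perm("cms", "read", null));
        List<String> children = List.of("/public", "/private");
        System.out.println("admin tool view: " + visible(children, anonymous, true));
        System.out.println("read-only view:  " + visible(children, anonymous, false));
    }
}
```

Keeping the two checks separate lets a public listing filter on read without loosening what the admin tool requires, and the default-deny return keeps folders with no matching permission out of both views.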