[Yanel-dev] Bug 5130 - Implement disabling of inheritance within a policy

Josias Thöny josias.thoeny at wyona.com
Fri Mar 30 17:00:30 CEST 2007


Paloma Gomez wrote:
> Hi all,
> 
> In order to prevent to make permission="true" mean "do apply inheritance"

about the attribute name, here are my ideas:

use-inherited-policies="false"
or
use-ancestor-policies="false"

they are a bit lengthy, though.

any better ideas?

> I think we should make the following changes to attachment 492:

thanks for explaining the changes.

josias


> 
> There are two if clauses in the patch (see line 80).
> 
> The first one checks if there is a permission attribute for the given
> role. If there is such an attribute, it then checks its value. If it is
> false, it denies access and if it is true, it grants access.
> 
> The same applies to the next if clause, but in this case it checks if
> there is a permission attribute for the policy tag. Again, if there is
> such an attribute, the same tests and actions are applied.
> 
> So I suggest changing it from:
> 
> Original code
> -----------------------------------------------
> +                    if(defaultRolePermission != null){
> +                	if (defaultRolePermission.equals("true")) {
> +                            log.debug("Policy inheritance disabled for
> role:" + roleName + ". Access granted: " + path);
> +                            return true;
> +                        } else {
> +                            log.debug("Policy inheritance disabled for
> role:" + roleName + ". Access denied: "+ path);
> +                            return false;
> +                        }
> +                    }
>                  }
>              }
> +            if(defaultPermission != null){
> +        	if (defaultPermission.equals("true")) {
> +                    log.debug("Policy inheritance disabled. Access
> granted: " + path);
> +                    return true;
> +                } else {
> +                    log.debug("Policy inheritance disabled. Access
> denied: "+ path);
> +                    return false;
> +                }
> +            }
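Review bot: In the role branch, `defaultRolePermission.equals("true")` followed by `return true` makes one attribute both switch inheritance off and grant access, and the same pattern repeats for `defaultPermission` on the policy element; keep the attribute to a single meaning and document that meaning next to the check. The comparison is exact and case-sensitive, so any other non-null value (for example "True") falls into the else branch and is logged as "Policy inheritance disabled ... Access denied". Denying there is the safe default, but a separate log message for unrecognized values would make a mistyped policy easier to spot. The two added `if (....equals("true"))` lines are indented with a tab after spaces, unlike the rest of the hunk.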
> ------------------------------------------------------------------------
> 
> to
> 
> New code:
> -------------------------------------------------------------------------
> if(defaultRolePermission != null){
>     if (defaultRolePermission.equals("false")) {
>        log.debug("Policy inheritance disabled for role:" + roleName + ". Access denied: " + path);
>        return false;
>     }
> }
> 
> [...]
> 
> if(defaultPermission != null){
>     if (defaultPermission.equals("false")) {
>         log.debug("Policy inheritance disabled. Access denied: "+ path);
>         return false;
>      }
> }
> -------------------------------------------------------------------------
> 
> 
> HTH,
> 
> Paloma
> 
> _______________________________________________
> Yanel-development mailing list
> Yanel-development at wyona.com
> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
> 
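The check discussed in this message, sketched with the attribute parsed strictly so that a mistyped value denies access instead of being read as "inherit". This is an added example, not Yanel code and not part of the original thread: the class, method and `PolicyNode` names are hypothetical, and the meaning given to `use-inherited-policies` (one of the names proposed above) is an assumption.

```java
import java.util.HashMap;
import java.util.Map;

/** Added example, not Yanel code: all names here are hypothetical. */
public class PolicyInheritanceExample {
    /** One policy in the path hierarchy; attribute values stay raw strings, as read from XML. */
    static class PolicyNode {
        final PolicyNode parent;
        final String useInheritedPolicies;               // null when the attribute is absent
        final Map<String, String> rolePermission = new HashMap<>();
        PolicyNode(PolicyNode parent, String useInheritedPolicies) {
            this.parent = parent;
            this.useInheritedPolicies = useInheritedPolicies;
        }
    }

    /** Strict parse: only "true" and "false" are accepted; anything else is a configuration error. */
    static boolean parseStrict(String name, String value) {
        if ("true".equals(value)) return true;
        if ("false".equals(value)) return false;
        throw new IllegalArgumentException("Invalid value for " + name + ": " + value);
    }

    /** Walks from the policy towards the root; an explicit role entry decides, otherwise ancestors are consulted. */
    static boolean isAuthorized(PolicyNode node, String roleName) {
        try {
            for (PolicyNode p = node; p != null; p = p.parent) {
                String perm = p.rolePermission.get(roleName);
                if (perm != null) return parseStrict("permission", perm);
                if (p.useInheritedPolicies != null && !parseStrict("use-inherited-policies", p.useInheritedPolicies)) {
                    return false;                         // inheritance disabled and nothing granted here
                }
            }
        } catch (IllegalArgumentException e) {
            System.err.println("Denying access, malformed policy: " + e.getMessage());
        }
        return false;                                     // no policy granted access, or a policy was malformed
    }

    public static void main(String[] args) {
        PolicyNode root = new PolicyNode(null, null);     // constructed sample hierarchy
        root.rolePermission.put("view", "true");
        PolicyNode inheriting = new PolicyNode(root, null);
        PolicyNode isolated = new PolicyNode(root, "false");
        PolicyNode typo = new PolicyNode(root, "False");  // mistyped attribute value
        System.out.println(isAuthorized(inheriting, "view") + " "
                + isAuthorized(isolated, "view") + " " + isAuthorized(typo, "view"));
    }
}
```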



