[Yanel-dev] Bug 5130 - Implement disabling of inheritance within
a policy
Josias Thöny
josias.thoeny at wyona.com
Fri Mar 30 17:00:30 CEST 2007
Paloma Gomez wrote:
> Hi all,
>
> In order to prevent to make permission="true" mean "do apply inheritance"
about the attribute name, here are my ideas:
use-inherited-policies="false"
or
use-ancestor-policies="false"
they are a bit lengthy, though.
any better ideas?
> I think we should make the following changes to attachment 492:
thanks for explaining the changes.
josias
>
> There are two if clauses in the patch (see line 80).
>
> The first one checks if there is a permission attribute for the given
> role. If there is such an attribute, it then checks its value. If it is
> false, it denies access and if it is true, it grants access.
>
> The same applies to the next if clause, but in this case it checks if
> there is an permission attribute for the policy tag. Again, if there is
> such an attribute, the same tests and actions are applied.
>
> So I suggest changing it from:
>
> Original code
> -----------------------------------------------
> + if(defaultRolePermission != null){
> + if (defaultRolePermission.equals("true")) {
> + log.debug("Policy inheritance disabled for
> role:" + roleName + ". Access granted: " + path);
> + return true;
> + } else {
> + log.debug("Policy inheritance disabled for
> role:" + roleName + ". Access denied: "+ path);
> + return false;
> + }
> + }
> }
> }
> + if(defaultPermission != null){
> + if (defaultPermission.equals("true")) {
> + log.debug("Policy inheritance disabled. Access
> granted: " + path);
> + return true;
> + } else {
> + log.debug("Policy inheritance disabled. Access
> denied: "+ path);
> + return false;
> + }
> + }
> ------------------------------------------------------------------------
>
> to
>
> New code:
> -------------------------------------------------------------------------
> if(defaultRolePermission != null){
> if (defaultRolePermission.equals("false")) {
> log.debug("Policy inheritance disabled for role:" + roleName + ".
> Access denied: "+ path);
> return false;
> }
> }
>
> [...]
>
> if(defaultPermission != null){
> if (defaultPermission.equals("false")) {
> log.debug("Policy inheritance disabled. Access denied: "+ path);
> return false;
> }
> }
> -------------------------------------------------------------------------
>
>
> HTH,
>
> Paloma
>
> _______________________________________________
> Yanel-development mailing list
> Yanel-development at wyona.com
> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>
More information about the Yanel-development
mailing list