[Yanel-dev] Bug 5130 - Implement disabling of inheritance within
a policy
Michael Wechner
michael.wechner at wyona.com
Fri Mar 30 17:03:58 CEST 2007
Josias Thöny wrote:
> Paloma Gomez wrote:
>
>> Hi all,
>>
>> In order to prevent to make permission="true" mean "do apply
>> inheritance"
>
>
> about the attribute name, here are my ideas:
>
> use-inherited-policies="false"
> or
> use-ancestor-policies="false"
+1 both, whereas maybe Jonathan as native english speaking might be able
to tell which one makes more sense
Thanks
Michi
>
> they are a bit lengthy, though.
>
> any better ideas?
>
>> I think we should make the following changes to attachment 492:
>
>
> thanks for explaining the changes.
>
> josias
>
>
>>
>> There are two if clauses in the patch (see line 80).
>>
>> The first one checks if there is a permission attribute for the given
>> role. If there is such an attribute, it then checks its value. If it is
>> false, it denies access and if it is true, it grants access.
>>
>> The same applies to the next if clause, but in this case it checks if
>> there is an permission attribute for the policy tag. Again, if there is
>> such an attribute, the same tests and actions are applied.
>>
>> So I suggest changing it from:
>>
>> Original code
>> -----------------------------------------------
>> + if(defaultRolePermission != null){
>> + if (defaultRolePermission.equals("true")) {
>> + log.debug("Policy inheritance disabled for
>> role:" + roleName + ". Access granted: " + path);
>> + return true;
>> + } else {
>> + log.debug("Policy inheritance disabled for
>> role:" + roleName + ". Access denied: "+ path);
>> + return false;
>> + }
>> + }
>> }
>> }
>> + if(defaultPermission != null){
>> + if (defaultPermission.equals("true")) {
>> + log.debug("Policy inheritance disabled. Access
>> granted: " + path);
>> + return true;
>> + } else {
>> + log.debug("Policy inheritance disabled. Access
>> denied: "+ path);
>> + return false;
>> + }
>> + }
>> ------------------------------------------------------------------------
>>
>> to
>>
>> New code:
>> -------------------------------------------------------------------------
>>
>> if(defaultRolePermission != null){
>> if (defaultRolePermission.equals("false")) {
>> log.debug("Policy inheritance disabled for role:" + roleName + ".
>> Access denied: "+ path);
>> return false;
>> }
>> }
>>
>> [...]
>>
>> if(defaultPermission != null){
>> if (defaultPermission.equals("false")) {
>> log.debug("Policy inheritance disabled. Access denied: "+ path);
>> return false;
>> }
>> }
>> -------------------------------------------------------------------------
>>
>>
>>
>> HTH,
>>
>> Paloma
>>
>> _______________________________________________
>> Yanel-development mailing list
>> Yanel-development at wyona.com
>> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>>
>
>
> _______________________________________________
> Yanel-development mailing list
> Yanel-development at wyona.com
> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>
--
Michael Wechner
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
michael.wechner at wyona.com michi at apache.org
+41 44 272 91 61
More information about the Yanel-development
mailing list