[Yanel-dev] permissions for policy edition and view on 'use-cases' realm

Michael Wechner michael.wechner at wyona.com
Wed Mar 24 11:53:57 CET 2010


Guillaume Déflache wrote:
> Michael Wechner schrieb:
>> Guillaume Déflache wrote:
>>> Hi!
>>>
>>> I am trying to access the policy editor and the policy viewer in the 
>>> 'usecases' realm.
>>> I managed to log in with both 'alice' and 'lenya' users, but I still 
>>> get 'Authorization was denied.' for both and the toolbar.
>>> AFAICS there are no policy files in ac-policies/ that would prevent 
>>> this, and on the from-scratch realm this works OK with the user 
>>> 'lenya' and apparently no related policy files are there either.
>>> What am I missing?
>>
>> The rights were missing:
>>
>> Index: ac-policies/.policy
>> ===================================================================
>> --- ac-policies/.policy    (revision 48242)
>> +++ ac-policies/.policy    (working copy)
>> @@ -31,4 +31,12 @@
>>     <user id="lenya" permission="true"/>
>>   </role>
>>
>> +  <role id="policy.read">
>> +    <user id="lenya" permission="true"/>
>> +  </role>
>> +
>> +  <role id="policy.update">
>> +    <user id="lenya" permission="true"/>
>> +  </role>
>> +
>> </policy>
>>
>> I will commit them right now
>
> OK thanks, sorry I forgot about the .policy file.
>
> That reminds me of a remark memo made during lunch recently: this 
> policy file is hidden under Unix and can easily get forgotten,

not if it is documented
> maybe we should allow for an alternative name like "policy" without 
> the leading dot (or COLLECTION.policy so that there is still an 
> extension) so that it can be always visible?
> Ditto for .yarep files BTW.

The problem is re conflicts. What if you have directory called 
COLLECTION? Or ROOT or whatever.

Btw, SVN and GIT use the same principle.

Cheers

Michi



More information about the Yanel-development mailing list