From: Dmitriy S. <sha...@gm...> - 2012-02-08 04:40:17
|
On Wed, Feb 8, 2012 at 7:45 AM, Joe Wicentowski <jo...@gm...> wrote: > In adapting my applications to the new security architecture, I wanted > to report my experience and a problem I had. > > The immediate problem was that my .xq files, called via the browser, > were not executing for guest users, even though I thought I understood > your advice below and set the .xq file's permissions for world to --x. > The error as reported in the browser said, "Not Allowed To Read > Collection". I was a bit confused by this since the parent > collection's permissions allowed reads. No other information appeared > in exist.log or any other logs, so my troubleshooting led me to > examine permissions on an expath repo package (demo.xar) I installed > via the admin page. I saw its permissions on .xq files for world was > r-x. > > In hindsight I realize I was reading your advice below too literally. > It makes sense that to "execute" a .xq via web browser, we need to not > only make it "executable" but also "readable". > > The new documentation at http://localhost:8080/exist/security.xml is > very full, but I didn't see anything in the tables in the "Operational > Permissions" section to the effect that "r-x" is required to "execute > a .xq file in the browser". "Execute a .xq" probably isn't the right > terminology ("view" a .xq? "call" a .xq?), but I hope it's clear. > This is a bug, IMHO. Can you send trace? -- Dmitriy Shabanov |