Hi Rebecca,

The datastream security is not stored in the auth_index tables - those tables are for the listing of whole records, they allow us to query the fez metadata index and exclude records that the user doesn't have access to.

For checking whether individual datastreams can be accessed, the code looks for a FezACML_ prefix so that if your pdf is called article.pdf, then there will be a FezACML_article.xml file to go with it.  These should only affect view.php and eserv.php.


On 6/8/07, Rebecca Sutton Koeser <rebecca.s.koeser@emory.edu> wrote:

On Wednesday June 06, 2007 at 02:50 PM, Christiaan Kortekaas wrote:
> Yes I knew about this bug but haven't got around to fixing it. Can
> you fill me in on what you did to fix it and I'll commit it to trunk
> (thanks).

To clarify-- I haven't fixed any bugs.  There was an incompatibility
in the # of parameters for the array_to_xml_instance function in the
foxml class, which I assume is because I have slightly out of sync
code (mostly fez 1.3 with just enough updates from svn to work with
Fedora 2.2).

I'm not sure how to go about fixing the record/datastream permissions
issue because I'm not clear on how datastream permissions are stored
in the fez sql db.

> Fez looks for FEZACML_ then the datastream ID of it is supposed to protect.
> So and example could be Random.pdf -> FEZACML_Random.pdf.

From the examples, it looks like the datastream is actually
FezACML_Random.pdf.xml, correct?

> The reindexer has been rewritten lately in the trunk (not by me) and its
> possible it is not picking up datastream fezacml. I'll take a look soon.

I'm still using an older version of the fez code; can you (or whoever
rewrote it) confirm if the rewritten version would help with the
datastream permissions issue?

Rebecca Sutton Koeser, Ph.D.

Version: GnuPG v1.4.5 (GNU/Linux)


This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
Fez-developers mailing list