Re: [Hypercontent-users] download zip facility
From: Alex V. <al...@bi...> - 2007-08-30 14:08:04
Hi,

OK, you found a real bug there! I checked in the fix to org.hypercontent.workflow.exec.impl.ZippingExecutable

The bug would have kept anyone who is not an admin from downloading a zip.

However, users will still only be able to zip files and directories for which they have read permission. And to be clear, this permission:

<permission principal="group:publishers" target="/**/" activity="read"/>

does NOT override

<permission principal="group:anybody" target="/config/**/" activity="read" denied="true"/>

See my explanation again of precedence in permissions: more specific targets are given higher weight than more specific groups. So this permission:

<permission principal="group:publishers" target="/config/**/" activity="read"/>

DOES override

<permission principal="group:anybody" target="/config/**/" activity="read" denied="true"/>

Cheers,
Alex

On Aug 29, 2007, at 11:41 PM, tom tom wrote:

> Hi Alex,
>
> I tried many possibilities but failed. See my observations below,
>
> I don't want everybody to see the configuration directories, that is why I am having those denied=true for those targets, but the thing which I can't understand is as we have the following shouldn't this override the top level permissions.
>
> <permission principal="group:publishers" target="/**/" activity="read"/>
>
> <permission principal="group:publishers" target="/**/*.*" activity="read"/>
>
> As the above failed I did override all the denied=true entries in the publisher group to have the read rights, but that also failed. This is what you recommended.
>
> In the end I removed all the top denied=true entries, e.g.
> <permission principal="group:anybody" target="/config/**/" activity="read" denied="true"/>
>
> but still it fails.
>
> If I go to a specific directory and try to zip which has not been restricted, still it shows the same problem.
>
> Can you try this in your environment? I have a feeling something wrong somewhere, let me know if you want to see my zip.xml
>
> Thanks,
>
>> It could have something to do with your permissions setup. HC has to resolve conflicting permissions in two ways: those which have a more specific target, and those which have a more specific group. It evaluates them in that order, so that a more specific target is honored over a more specific group. In your case, that means publishers are inheriting "denied" read permissions for design, xsl, config and dtd from group:anybody; however if you assign group:publishers read for any of those targets, the more specific group of publishers will take precedence.
>>
>> Alex
>>
>> On Aug 28, 2007, at 8:18 PM, tom tom wrote:
>>
>>> Hi Alex,
>>>
>>> Yes it is not an empty directory at all, basically this is the very root folder, my intention was to download the entire site as a publisher.
>>>
>>> this works fine if I login as an administrator.
>>>
>>> But we want to give the download zip feature for publishers as well. That is this effort.
>>>
>>> After the above effort I did login and browse to a lower directory and tried to download it but still it doesn't show the link but shows the error which I sent previous email.
>>>
>>> Anyhow I am sending my permissions.xml and zip.xml for your reference
>>>
>>> permissions.xml
>>> <permissions>
>>>   <permission principal="group:anybody" target="/**/*.*" activity="read"/>
>>>   <permission principal="group:anybody" target="/config/**/*.*" activity="read" denied="true"/>
>>>   <permission principal="group:anybody" target="/config/**/" activity="read" denied="true"/>
>>>   <permission principal="group:anybody" target="/design/**/" activity="read" denied="true"/>
>>>   <permission principal="group:anybody" target="/xsl/**/" activity="read" denied="true"/>
>>>   <permission principal="group:anybody" target="/dtd/**/" activity="read" denied="true"/>
>>>   <permission principal="group:anybody" target="/workflow-data/**/" activity="read" denied="true"/>
>>>   <permission principal="group:authors" target="/**/" activity="read"/>
>>>   <permission principal="group:authors" target="/**/*.*" activity="create"/>
>>>   <permission principal="group:authors" target="/**/*.*" activity="write"/>
>>>   <permission principal="group:authors" target="/**/*.*" activity="delete"/>
>>>   <permission principal="group:authors" target="/**/" activity="build"/>
>>>   <permission principal="group:authors" target="/**/*.*" activity="build"/>
>>>   <permission principal="group:approvers" target="/**/" activity="read"/>
>>>   <permission principal="group:approvers" target="/**/*.*" activity="create"/>
>>>   <permission principal="group:approvers" target="/**/*.*" activity="write"/>
>>>   <permission principal="group:approvers" target="/**/*.*" activity="delete"/>
>>>   <permission principal="group:approvers" target="/**/*.*" activity="approve"/>
>>>   <permission principal="group:publishers" target="/**/" activity="read"/>
>>>   <permission principal="group:publishers" target="/**/*.*" activity="read"/>
>>>   <permission principal="group:publishers" target="/**/" activity="publish"/>
>>>   <permission principal="group:publishers" target="/**/*.*" activity="publish"/>
>>> </permissions>
>>>
>>> zip.xml
>>>
>>> <workflow binding="/**/">
>>>   <event name="download-zip" permissions="read">
>>>     <variable name="zipper" value="${actor}"/>
>>>     <variable name="href" value="${abs-server-base}/screens/please-wait.html"/>
>>>     <nq q="zipping"/>
>>>     <nq who="${zipper}"/>
>>>     <zip/>
>>>   </event>
>>>   <event name="upload-zip" permissions="read,write">
>>>     <variable name="uploader" value="${actor}"/>
>>>     <input name="zip" label="Choose a zip to upload" type="file"/>
>>>     <input name="force" type="select" label="Force overwrite" options="true,false" default="false"/>
>>>     <copy path="/" source="${zip}" destination="${path}" force="${force}" delete="false"/>
>>>     <variable name="href" value="${abs-server-base}/screens/please-wait.html"/>
>>>     <nq q="uploading"/>
>>>     <nq who="${uploader}"/>
>>>   </event>
>>>   <q id="zipping">
>>>     <event name="batch-complete">
>>>       <variable name="zip" value="${zip}"/>
>>>       <variable name="href" value="${abs-server-base}${zip}?mode=download-link"/>
>>>       <dq/>
>>>       <nq q="zipped"/>
>>>     </event>
>>>   </q>
>>>   <q id="uploading">
>>>     <event name="batch-complete">
>>>       <variable name="href" value="${abs-server-base}${work-path}?mode=work-details"/>
>>>       <dq/>
>>>       <nq q="uploaded"/>
>>>     </event>
>>>   </q>
>>>   <q id="zipped">
>>>     <event name="discard" who="${zipper}">
>>>       <delete path="${zip}"/>
>>>       <dq/>
>>>       <dq who="${zipper}"/>
>>>     </event>
>>>   </q>
>>>   <q id="uploaded">
>>>     <event name="discard" who="${uploader}">
>>>       <delete path="${zip}"/>
>>>       <dq/>
>>>       <dq who="${uploader}"/>
>>>     </event>
>>>   </q>
>>> </workflow>
>>>
>>> --- Alex Vigdor <al...@bi...> wrote:
>>>
>>>> Hi Lalitha,
>>>> That error indicates that no files were in the zip. Are you sure you were trying to download a non-empty directory?
>>>>
>>>> Cheers,
>>>> Alex
>>>>
>>>> On Aug 27, 2007, at 8:41 PM, tom tom wrote:
>>>>
> === message truncated ===
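The precedence rule discussed in this thread (target specificity compared first, group specificity only as a tie-breaker) can be modelled as below. This is an added sketch, not HyperContent's code and not part of the original messages. The function names, the specificity measure (literal path segments before the first wildcard), the directory-only matcher, the deny-when-nothing-matches default and the publisher's group membership are all assumptions.

```python
import xml.etree.ElementTree as ET

# Two rules quoted in the thread, plus the override rule from Alex's reply.
BASE = """<permissions>
<permission principal="group:anybody" target="/config/**/" activity="read" denied="true"/>
<permission principal="group:publishers" target="/**/" activity="read"/>
</permissions>"""
OVERRIDE = '<permission principal="group:publishers" target="/config/**/" activity="read"/>'

def load_rules(xml_text, extra=()):
    rules = [dict(p.attrib) for p in ET.fromstring(xml_text).iter("permission")]
    return rules + [dict(ET.fromstring(x).attrib) for x in extra]

def literal_prefix(target):
    # Assumed specificity measure: literal path segments before the first wildcard.
    prefix = []
    for seg in filter(None, target.split("/")):
        if "*" in seg:
            break
        prefix.append(seg)
    return prefix

def matches_dir(target, directory):
    # Simplified matcher: handles only directory targets of the form /a/b/**/.
    if not target.endswith("/**/"):
        return False
    prefix = literal_prefix(target)
    return [s for s in directory.split("/") if s][:len(prefix)] == prefix

def group_rank(principal):
    # Assumption: group:anybody is the least specific group.
    return 0 if principal == "group:anybody" else 1

def allowed(rules, groups, activity, directory):
    hits = [r for r in rules if r["activity"] == activity
            and r["principal"] in groups and matches_dir(r["target"], directory)]
    if not hits:
        return False  # assumption: no matching rule means no access
    # Target specificity is compared first; group specificity only breaks ties.
    winner = max(hits, key=lambda r: (len(literal_prefix(r["target"])),
                                      group_rank(r["principal"])))
    return winner.get("denied") != "true"

PUBLISHER = {"group:anybody", "group:publishers"}  # constructed membership

if __name__ == "__main__":
    for label, rules in (("base", load_rules(BASE)),
                         ("with override", load_rules(BASE, [OVERRIDE]))):
        for d in ("/content/", "/config/", "/config/site/"):
            print(label, d, allowed(rules, PUBLISHER, "read", d))
```

Running it shows the broad publishers grant losing to the narrower deny on /config/, and the same-target publishers grant winning once it is added.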