Re: [Hypercontent-users] download zip facility
Brought to you by:
alexvigdor
Menu
▾
▴
Re: [Hypercontent-users] download zip facility
|
From: tom t. <j_l...@ya...> - 2007-08-31 03:08:10
|
Hi,
Can you let me know the location to download with
username and password.
Thanks
--- Alex Vigdor <al...@bi...> wrote:
> Hi,
> OK, you found a real bug there! I checked in the
> fix to
>
>
org.hypercontent.workflow.exec.impl.ZippingExecutable
>
> The bug would have kept anyone who is not an admin
> from downloading a
> zip.
>
> However, users will still only be able to zip files
> and directories
> for which they have read permission. And to be
> clear, this permission:
>
> <permission principal="group:publishers"
> target="/**/" activity="read"/>
>
> does NOT override
>
> <permission principal="group:anybody"
> target="/config/**/" activity="read"
> denied="true"/>
>
> See my explanation again of precedence in
> permissions: more specific
> targets are given higher weight than more specific
> groups. So this
> permission:
>
> <permission principal="group:publishers"
> target="/config/**/" activity="read"/>
>
> DOES override
>
> <permission principal="group:anybody"
> target="/config/**/" activity="read"
> denied="true"/>
>
>
> Cheers,
> Alex
>
>
>
> On Aug 29, 2007, at 11:41 PM, tom tom wrote:
>
> > Hi Alex,
> >
> > I tried many possibilities but failed. see my
> > observations below,
> >
> > I dont want everybody to see the configuration
> > directories, that is why I am having those
> denied=true
> > for those targets, but the thing which I can't
> > understand is as we have the following shouldnt
> this
> > overide the top level permissions.
> >
> > <permission principal="group:publishers"
> > target="/**/" activity="read"/>
> >
> > <permission principal="group:publishers"
> > target="/**/*.*" activity="read"/>
> >
> >
> > As the above failed I did overide all the
> denied=true
> > entries in the publisher group to have the read
> > rights,
> > but that also failed. This is what you
> recommended.
> >
> > In the end I removed all the top denied=true
> entries,
> > e.g
> > <permission principal="group:anybody"
> > target="/config/**/" activity="read"
> denied="true"/>
> >
> > but still it fails.
> >
> > If I go to a specific directory and try to zip
> which
> > has not been restricted, still it shows the same
> > problem.
> >
> > Can you try this in your environment.? I have a
> > feeling something wrong some where, let me know if
> you
> > want to see my zip.xml
> >
> > Thanks,
> >
> >
> >
> >
> >
> >> It could have something to do with your
> permissions
> >> setup. HC has
> >> to resolve conflicting permissions in two ways:
> >> those which have a
> >> more specific target, and those which have a more
> >> specific group. It
> >> evaluates them in that order, so that a more
> >> specific target is
> >> honored over a more specific group. In your
> case,
> >> that means
> >> publishers are inheriting "denied" read
> permissions
> >> for design, xsl,
> >> config and dtd from group:anybody; however if you
> >> assign
> >> group:publishers read for any of those targets,
> the
> >> more specific
> >> group of publishers will take precedence.
> >>
> >> Alex
> >>
> >> On Aug 28, 2007, at 8:18 PM, tom tom wrote:
> >>
> >>> Hi Alex,
> >>>
> >>> Yes it is not a empty directory at all,
> basically
> >> this
> >>> is the very root folder, my intention was to
> >> download
> >>> the entire site as a publisher.
> >>>
> >>> this works fine if I login as a administrator.
> >>>
> >>> But we want to give the download zip feature for
> >>> publishers as well. That is this effort.
> >>>
> >>>
> >>> After the above effort I did login and browse to
> a
> >>> lower directory and tried to download it but
> still
> >> it
> >>> doenst show the link but shows the error which I
> >> sent
> >>> previous email.
> >>>
> >>> Any how I am sending my permissions.xml and
> >> zip.xml
> >>> for your reference
> >>>
> >>> permissions.xml
> >>> <permissions>
> >>> <permission principal="group:anybody"
> >> target="/**/*.*"
> >>> activity="read"/>
> >>> <permission principal="group:anybody"
> >>> target="/config/**/*.*" activity="read"
> >>> denied="true"/>
> >>> <permission principal="group:anybody"
> >>> target="/config/**/" activity="read"
> >> denied="true"/>
> >>> <permission principal="group:anybody"
> >>> target="/design/**/" activity="read"
> >> denied="true"/>
> >>> <permission principal="group:anybody"
> >>> target="/xsl/**/" activity="read"
> denied="true"/>
> >>> <permission principal="group:anybody"
> >>> target="/dtd/**/" activity="read"
> denied="true"/>
> >>> <permission principal="group:anybody"
> >>> target="/workflow-data/**/" activity="read"
> >>> denied="true"/>
> >>> <permission principal="group:authors"
> >> target="/**/"
> >>> activity="read"/>
> >>> <permission principal="group:authors"
> >> target="/**/*.*"
> >>> activity="create"/>
> >>> <permission principal="group:authors"
> >> target="/**/*.*"
> >>> activity="write"/>
> >>> <permission principal="group:authors"
> >> target="/**/*.*"
> >>> activity="delete"/>
> >>> <permission principal="group:authors"
> >> target="/**/"
> >>> activity="build"/>
> >>> <permission principal="group:authors"
> >> target="/**/*.*"
> >>> activity="build"/>
> >>> <permission principal="group:approvers"
> >> target="/**/"
> >>> activity="read"/>
> >>> <permission principal="group:approvers"
> >>> target="/**/*.*" activity="create"/>
> >>> <permission principal="group:approvers"
> >>> target="/**/*.*" activity="write"/>
>
=== message truncated ===
____________________________________________________________________________________
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more.
http://mobile.yahoo.com/go?refer=1GNXIC
|
