Re: [Hypercontent-users] download zip facility
Brought to you by:
alexvigdor
Menu
▾
▴
Re: [Hypercontent-users] download zip facility
|
From: Alex V. <al...@bi...> - 2007-08-31 14:01:37
|
You can get it using CVS with anonymous access, or from the CVS web browser at http://hypercontent.cvs.sourceforge.net/hypercontent/hypercontent2/ source/org/hypercontent/workflow/exec/impl/ZippingExecutable.java Alex On Aug 30, 2007, at 11:08 PM, tom tom wrote: > Hi, > > Can you let me know the location to download with > username and password. > > Thanks > > --- Alex Vigdor <al...@bi...> wrote: > >> Hi, >> OK, you found a real bug there! I checked in the >> fix to >> >> > org.hypercontent.workflow.exec.impl.ZippingExecutable >> >> The bug would have kept anyone who is not an admin >> from downloading a >> zip. >> >> However, users will still only be able to zip files >> and directories >> for which they have read permission. And to be >> clear, this permission: >> >> <permission principal="group:publishers" >> target="/**/" activity="read"/> >> >> does NOT override >> >> <permission principal="group:anybody" >> target="/config/**/" activity="read" >> denied="true"/> >> >> See my explanation again of precedence in >> permissions: more specific >> targets are given higher weight than more specific >> groups. So this >> permission: >> >> <permission principal="group:publishers" >> target="/config/**/" activity="read"/> >> >> DOES override >> >> <permission principal="group:anybody" >> target="/config/**/" activity="read" >> denied="true"/> >> >> >> Cheers, >> Alex >> >> >> >> On Aug 29, 2007, at 11:41 PM, tom tom wrote: >> >>> Hi Alex, >>> >>> I tried many possibilities but failed. see my >>> observations below, >>> >>> I dont want everybody to see the configuration >>> directories, that is why I am having those >> denied=true >>> for those targets, but the thing which I can't >>> understand is as we have the following shouldnt >> this >>> overide the top level permissions. >>> >>> <permission principal="group:publishers" >>> target="/**/" activity="read"/> >>> >>> <permission principal="group:publishers" >>> target="/**/*.*" activity="read"/> >>> >>> >>> As the above failed I did overide all the >> denied=true >>> entries in the publisher group to have the read >>> rights, >>> but that also failed. This is what you >> recommended. >>> >>> In the end I removed all the top denied=true >> entries, >>> e.g >>> <permission principal="group:anybody" >>> target="/config/**/" activity="read" >> denied="true"/> >>> >>> but still it fails. >>> >>> If I go to a specific directory and try to zip >> which >>> has not been restricted, still it shows the same >>> problem. >>> >>> Can you try this in your environment.? I have a >>> feeling something wrong some where, let me know if >> you >>> want to see my zip.xml >>> >>> Thanks, >>> >>> >>> >>> >>> >>>> It could have something to do with your >> permissions >>>> setup. HC has >>>> to resolve conflicting permissions in two ways: >>>> those which have a >>>> more specific target, and those which have a more >>>> specific group. It >>>> evaluates them in that order, so that a more >>>> specific target is >>>> honored over a more specific group. In your >> case, >>>> that means >>>> publishers are inheriting "denied" read >> permissions >>>> for design, xsl, >>>> config and dtd from group:anybody; however if you >>>> assign >>>> group:publishers read for any of those targets, >> the >>>> more specific >>>> group of publishers will take precedence. >>>> >>>> Alex >>>> >>>> On Aug 28, 2007, at 8:18 PM, tom tom wrote: >>>> >>>>> Hi Alex, >>>>> >>>>> Yes it is not a empty directory at all, >> basically >>>> this >>>>> is the very root folder, my intention was to >>>> download >>>>> the entire site as a publisher. >>>>> >>>>> this works fine if I login as a administrator. >>>>> >>>>> But we want to give the download zip feature for >>>>> publishers as well. That is this effort. >>>>> >>>>> >>>>> After the above effort I did login and browse to >> a >>>>> lower directory and tried to download it but >> still >>>> it >>>>> doenst show the link but shows the error which I >>>> sent >>>>> previous email. >>>>> >>>>> Any how I am sending my permissions.xml and >>>> zip.xml >>>>> for your reference >>>>> >>>>> permissions.xml >>>>> <permissions> >>>>> <permission principal="group:anybody" >>>> target="/**/*.*" >>>>> activity="read"/> >>>>> <permission principal="group:anybody" >>>>> target="/config/**/*.*" activity="read" >>>>> denied="true"/> >>>>> <permission principal="group:anybody" >>>>> target="/config/**/" activity="read" >>>> denied="true"/> >>>>> <permission principal="group:anybody" >>>>> target="/design/**/" activity="read" >>>> denied="true"/> >>>>> <permission principal="group:anybody" >>>>> target="/xsl/**/" activity="read" >> denied="true"/> >>>>> <permission principal="group:anybody" >>>>> target="/dtd/**/" activity="read" >> denied="true"/> >>>>> <permission principal="group:anybody" >>>>> target="/workflow-data/**/" activity="read" >>>>> denied="true"/> >>>>> <permission principal="group:authors" >>>> target="/**/" >>>>> activity="read"/> >>>>> <permission principal="group:authors" >>>> target="/**/*.*" >>>>> activity="create"/> >>>>> <permission principal="group:authors" >>>> target="/**/*.*" >>>>> activity="write"/> >>>>> <permission principal="group:authors" >>>> target="/**/*.*" >>>>> activity="delete"/> >>>>> <permission principal="group:authors" >>>> target="/**/" >>>>> activity="build"/> >>>>> <permission principal="group:authors" >>>> target="/**/*.*" >>>>> activity="build"/> >>>>> <permission principal="group:approvers" >>>> target="/**/" >>>>> activity="read"/> >>>>> <permission principal="group:approvers" >>>>> target="/**/*.*" activity="create"/> >>>>> <permission principal="group:approvers" >>>>> target="/**/*.*" activity="write"/> >> > === message truncated === > > > > > ______________________________________________________________________ > ______________ > Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: > mail, news, photos & more. > http://mobile.yahoo.com/go?refer=1GNXIC > |
