incubator-graffito-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christophe Lombart <christophe.lomb...@gmail.com>
Subject Re: graffito-browser edit authorization
Date Fri, 29 Apr 2005 07:32:39 GMT
I see in the log : 

org.apache.portals.graffito.exception.CmsPermissionException: Not
sufficient permission to insert the object

That means the current user has no permission to add a new cms object
in the target folder. By default, only the admin role can manage the
content tree (see the file insert-j2-security.sql).

Either, you add the permissions for other roles, users, groups  from
the Tab "Security" in the Browser portlet (still under dev - should be
finalise in a couple of days ) or directly in the db (see the file
insert-j2-security.sql).

Here is some permission examples : 

1.  /myfolder   read   /role/ruse : the role user can only read  on
/myfolder uri

2. /myfolder/-   all   /group/authors : The goup authors can can makes
all operations from /myfolder (& recursivly in all subfolders).

3. /myfolder/subfolder/* - read, write  /user/christophe : the user
christophe can read & write all objects  found in /myfolder/subfolder.


Christophe


On 4/29/05, Michael Neilly <mneilly@yahoo.com> wrote:
> --- Christophe Lombart <christophe.lombart@gmail.com> wrote:
> > On 4/28/05, Michael Neilly <mneilly@yahoo.com> wrote:
> > >
> > > I'm using the graffito-browser portlet on a page
> > > and I am able to add/edit content as role admin.
> > > How do I allow role user to add/edit content?
> > > I'm still trying to figure out the whole security
> > > scenario but I was under the impression (perhaps
> > > errorneously) that setting the security constraint
> > > in the psml file should be enough.
> >
> > That's should be enough to access to the psml.
> >
> > FYI, I'm working on "fine grained access" within the content tree. By
> > this way, you can filter the content tree  in function of user, group
> > or roles reference.
> > In the edit mode, there is a tab which is managing thoses permissions
> > (still under dev).
> 
> I'm using the public-edit constraint in the psml file.
> 
>     <fragment id="docs-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>         <fragment id="graffitoBrowser" type="portlet" name="graffito-browser::graffitoBrowser">
>             <property name="row" value="0" layout="OneColumn"/>
>             <property name="column" value="0" layout="OneColumn"/>
>         </fragment>
>     </fragment>
> 
>     <security-constraints>
>         <security-constraints-ref>public-edit</security-constraints-ref>
>     </security-constraints>
> 
> I get the edit icon and can enter information to say
> create a new folder. When I click on save I simply
> get the page back. catalina.out contains the exeception:
> 
> javax.portlet.PortletException: Failed to execute method :folder.save
>         at
> org.apache.portals.graffito.portlets.actions.PortletActionHandler.executePortletAction(PortletActionHandler.java:202)
>         at
> org.apache.portals.graffito.portlets.actions.PortletActionHandler.processAction(PortletActionHandler.java:110)
>         at
> org.apache.portals.graffito.portlets.BrowserPortlet.processAction(BrowserPortlet.java:204)
> .
> .
> .
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>         at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>         at java.lang.Thread.run(Thread.java:595)
> Caused by: javax.portlet.PortletException: Impossible to save a folder
>         at org.apache.portals.graffito.portlets.actions.FolderAction.save(FolderAction.java:111)
>         ... 70 more
> Caused by: org.apache.portals.graffito.persistence.ContentPersistenceException:
> org.apache.portals.graffito.exception.CmsPermissionException: Not sufficient permission
to insert
> the object
>         at
> org.apache.portals.graffito.persistence.impl.ContentPersistenceServiceImpl.insert(ContentPersistenceServiceImpl.java:130)
>         at
> org.apache.portals.graffito.impl.ContentModelServiceImpl.addFolder(ContentModelServiceImpl.java:115)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:284)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:155)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:122)
>         at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:56)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
>         at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:174)
>         at $Proxy9.addFolder(Unknown Source)
>         at org.apache.portals.graffito.portlets.actions.FolderAction.save(FolderAction.java:96)
>         ... 70 more
> Caused by: org.apache.portals.graffito.exception.CmsPermissionException: Not sufficient
permission
> to insert the object
>         at
> org.apache.portals.graffito.store.impl.ojb.GraffitoOJBStore.insert(GraffitoOJBStore.java:383)
>         at
> org.apache.portals.graffito.persistence.impl.ContentPersistenceServiceImpl.insert(ContentPersistenceServiceImpl.java:126)
> 
>

Mime
View raw message