jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arne v.Irmer" <Arne.vonIr...@tu-dortmund.de>
Subject Re: Losing rights while going throw a binding
Date Tue, 25 Jan 2011 08:00:27 GMT
Hi,
sorry for the reminding, but what should I do? Thousands of Users do not 
have access to their resources in their home-folders. And I don't have 
an answer and not even an idea why this has happen.
When we started using Jackrabbit in October the bindings were fully 
functioning.

We are using 2.1.1.
Is there a known bug?

Please help.

Yours
  Arne

Am 19.01.2011 17:00, schrieb Arne v.Irmer:
> Hi Angela,
> thanks for your answer.
> Am 18.01.2011 14:16, schrieb Angela Schreiber:
>> hi arne
>>
>>> there is a strange effect with bindings:
>>>
>>> I have a node "/foo/bar" where the user x has read and write 
>>> privileges.
>>> Now I clone this node in the home folder of the user in lets say
>>> "/home/x/bar".
>>> In WebDAV I see the folder but even when I try to list /home/x I got 
>>> the
>>> following message
>>>
>>> 16:29:43,825 INFO [STDOUT] 16:29:43,824 WARN [DavResourceImpl] 
>>> unable to
>>> calculate parent set
>>> javax.jcr.AccessDeniedException: cannot read item
>>> 0299ef42-13ba-4107-b850-f93691710e7c
>>>
>>> In "/home/x/bar" x has the same rights as anonymous. In "/foo/bar" he
>>> has his full access rights.
>>
>> and what about /home/x?
>> as far as i know, the message indicates that not all entries of the 
>> the DAV:parent-set could be accessed... i would guess that x is not 
>> allowed
>> to read the parent node at /home/x
> I tested it with the webdav-client. The user has read access to 
> /home/x and /foo.
>>
>>> How can I transfer the item number to a file path to know what file
>>> causes the AccessDenieException?
>>
>> it's the node identifier... the warning could be nicer...
>> btw: i'm not sure if the log output deserves a warning thought.
>>
>>> How can I easily see what access rights the node has? In WebDAV the
>>> ACL-Information are not to be seen...
>>
>> not really...
> Can I view the ACLs with the standalone-cli?
>>
>>> Do I have to set the access rights to the node, that I have cloned?
>>
>> not necessarily... it depends on your needs. in any case: for the
>> calculation of the DAV:parent-set the current implementation reads
>> the parent of the shared node. setting access rights to the shared
>> node would not help... if read-access to the parent is denied.
> But the user has read-access up to "/"
>
> What can I do know?
> Is there a way to get more informations about the access the user does?
>
> Yours
>  Arne


-- 
Dipl.-Phys. Arne v.Irmer
Senior Developer
Anwendungsentwicklung - ITMC
Technische Universit├Ąt Dortmund
GB V: Raum 301
August Schmidt Str.12
44227 Dortmund
Tel.: ++49 231 755 7127
Fax : ++49 231 755 2731


Mime
View raw message