[opencms-dev] Question regarding permissions (possible bug)

Shi Yusen shiys at langhua.cn
Thu Jun 16 10:27:15 CEST 2005 

I also think it's a bug. I changed the following code to make the permission setting right for me (6.0 beta 3):

org.opencms.security.CmsAccessControlList.java
    public CmsPermissionSetCustom getPermissions(CmsUser user, List groups) {

        CmsPermissionSetCustom sum = new CmsPermissionSetCustom();
        ListIterator pIterator = null;
        if (groups != null) {
            pIterator = groups.listIterator();
        }
        I_CmsPrincipal principal = user;
        
        do {
            CmsPermissionSet permissions = (CmsPermissionSet)m_permissions.get(principal.getId());
            if (permissions != null) {
                sum.addPermissions(permissions);
            }
            if (pIterator != null && pIterator.hasNext()) {
                principal = (I_CmsPrincipal)pIterator.next();
            } else {
                principal = null;
            }
        } while (principal != null);

        // added by langhua ltd.
        if (sum.getAllowedPermissions() > 0)
            sum.setPermissions(sum.getAllowedPermissions(), 0);
        
        return sum;
    }

Shi Yusen/Beijing Langhua Ltd.
----- Original Message ----- 
From: "Sebastian Himberger" <sebastian.himberger at gmx.de>
To: "The OpenCms mailing list" <opencms-dev at opencms.org>
Sent: Tuesday, May 31, 2005 8:43 PM
Subject: [opencms-dev] Question regarding permissions (possible bug)


> Hi Devs,
> 
> i'have a user wich has "read" and "view" permissions on a site. What 
> confuses me is, that he can access most contex-menus and the "new" menu 
> although he is not allowed to modify anything. He can even insert 
> something in the dialogs but his changes are not committed. It seems to 
> me that the permissions-code is not complete or is this the desired 
> behaviour? IMHO having these permissions should result in:
> 
> * Disabling the context-menus: Lock / Edit Page / Edit Sourcecode / 
> Rename / Delete / Touch / Change Type / Edit controlcode
> * Making the context-menus read only: Change navigation, Properties, 
> History, Permissions, Secure/Export
> * Disabling the "new" button (haven't tested the "upload"-button)
> * Eventually display a note on read only menus regarding the missing 
> permissions
> 
> It also seems that setting permissions on views is not working or is 
> this normal?
> I've encountered these errors in beta 3 and also tested most of them in RC1.
> 
> I would be glad on any feedback regarding this question.
> 
> If i'm misunderstanding some concept please give me a hint.
> 
> best regards
> Sebastian Himberger
> 
>  
> 
> 
> 
> 
> 
>

More information about the opencms-dev mailing list