[opencms-dev] ACL logic

Roberto Melino roberto.melino at regulus.it
Wed Sep 17 16:32:15 CEST 2008 

Thank you Claus, now I understand the meaning of /overwriting inherited/.
I tried to uncheck the write and publish permission over the directory 
to the parent group and I found that it isn't enough: you must unchek 
permission to Users group too, even if it isn't in relation with my 
groups (probably there is an intrinsic relation between Users group and 
groups created by an operator). After this action everything works.
Just a note, in the 6.2.3 version the same login doesn't work!
Bye and thank you again
Roberto

Claus Priisholm wrote:
> Not sure I follow exactly what it is you are trying to do, but 
> remember that explicitly denying a permission is different from 
> removing the permission.
> If you explicitly deny a permission then it cannot be overridden 
> whereas if you remove (uncheck in the UI) a permission on the folder, 
> then you can allow it for a file inside the folder (by checking it in 
> the UI).
>
> Roberto Melino wrote:
>> I've a lot of file in a folder and I need to create a group for every 
>> file to operate (write/publish) on it (one group only on one file).
>> My first idea was to deny actions on parent group of my set of groups 
>> over the container folder and, than, enable for each file the 
>> permission for the owner group. I thought, wrongly, that using the 
>> flag /overwriting inherited/ will modify the denied permissions to 
>> enabled where the group change the permissions from the parent ones. 
>> I learned to my cost that the ACL login doesn't work in that way. The 
>> enabled permissions are overwritten, the denied ones are added.
>> I found on Dan Liliedahl' book /OpenCms 7 Development/ that the way 
>> to obtain the permission behavior that I need is to set enabled and 
>> denied permissions for every group on every file. This solution is 
>> not applicable for me because groups and files change continuously 
>> and are too much to be managed in such a way.
>> Have anyone of you an idea to solve my problem?
>> Thanks in advance.
>> -- 
>> *Roberto Melino*
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>> _______________________________________________
>> This mail is sent to you from the opencms-dev mailing list
>> To change your list options, or to unsubscribe from the list, please 
>> visit
>> http://lists.opencms.org/mailman/listinfo/opencms-dev
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20080917/f67261c1/attachment.htm>

More information about the opencms-dev mailing list