[opencms-dev] OpenCms 7.5.1+: more granular permission system

Schliemann, Kai K.Schliemann at comundus.com
Mon Dec 7 14:31:17 CET 2009 

Hi Roman, hi Michael,
I meant it exactly as Roman understood it.

But Michael, I am heavily confused. 
The class CmsPermissionSet says: 
@link CmsPermissionSet#PERMISSION_CONTROL} (c) the right to set permissions of a resource

Is there some kind of double usage of the +c / -c flag?
1. when set as permission in the workplace and
2. when set in opencms-workplace.xml?

By the way. When setting permissions on a folder, the write permission is shown twice (see screenshot). Seems to be a bug.

Regards
Kai

-----Ursprüngliche Nachricht-----
Von: opencms-dev-bounces at opencms.org [mailto:opencms-dev-bounces at opencms.org] Im Auftrag von Roman Uhlig Maxity.de
Gesendet: Montag, 7. Dezember 2009 13:04
An: The OpenCms mailing list
Betreff: Re: [opencms-dev] OpenCms 7.5.1+: more granular permission system

 
Michael,

I guess he meant in the workplace, possible to define for particular folders or other resources. At least I did. ;)

Regards,
Roman


-----Ursprüngliche Nachricht-----
Von: opencms-dev-bounces at opencms.org [mailto:opencms-dev-bounces at opencms.org] Im Auftrag von Michael Moossen
Gesendet: Montag, 7. Dezember 2009 12:48
An: The OpenCms mailing list
Betreff: Re: [opencms-dev] OpenCms 7.5.1+: more granular permission system

Hi Kai, Achim!

already the permissions to create a resource can be configured 
separately in the explorer type configuration of the resource type.

for instance, here for jsp files in the opencms-workplace.jsp:
----
<explorertype name="jsp" key="fileicon.jsp" icon="jsp.gif">
    <newresource uri="newresource.jsp?newresourcetype=jsp" order="50" 
autosetnavigation="false" autosettitle="false" info="desc.jsp" />
     <accesscontrol>
        <accessentry principal="DEFAULT" permissions="+r+v"/>
        <accessentry principal="ROLE.DEVELOPER" permissions="+r+v+w+c"/>
        <accessentry principal="GROUP.Guests" permissions="-r-v-w-c"/>
     </accesscontrol>
----

here +c means can create new jsp files.
and -c means the principal is not allowed to create new jsp files.

HTH
-------------------
Michael Moossen

Alkacon Software GmbH  - The OpenCms Experts
http://www.alkacon.com - http://www.opencms.org

Achim Westermann schrieb:
> Hi Kai,
> 
> I am just curious: Why wouldn't you let the core work on OpenCms not just be done by Alkacon as a subcontractor. Those guys really know what 
> they are doing (and therefore fast) and keep in mind to stay generic and downward compatible enough for other customers.
> 
> Furthermore: OK, that feature sounds good. I appreciate that you would share this. But keep in mind that Alkacon had to review your code and 
> discuss with you... without getting any funding for this task.
> 
> kind regards,
> 
> Achim
> 
> 
> 
> Schliemann, Kai wrote:
>> Dear list,
>>
>> By now OpenCms just gives us the possibility to set the permission to 
>> "write" which means a user can create, edit and delete a resource.
>>
>> One of our customers wants OpenCms to have a more granular permission 
>> system.
>>
>> They want to split up the "write" permission into "create", "edit" and 
>> "delete" permissions.
>>
>> As we are most likely going to implement this into OpenCms, we are 
>> interested if
>>
>> 1.       this is a feature which would be an enhancement for all OpenCms 
>> users and therefore should be part of a future release?
>>
>> 2.       anyone else thought about implementing it and wants to share 
>> her / his experience?
>>
>> 3.       anyone could think of other enhancements for the OpenCms 
>> permission system?
>>
>> 4.       Alkacon has plans to change the permission system in this or 
>> another  direction?
>>
>>  
>>
>> Looking forward to interesting responses.
>>
>>  
>>
>> *Best regards*
>>
>> _________________________________________
>>
>>   
>>
>> *Kai Schliemann*
>>
>> Senior IT-Berater
>>
>>    
>>
>> *comundus GmbH*
>>
>> Schüttelgrabenring 3, D-71332 Waiblingen
>>
>> Telefon +49 7151-50028-0
>>
>> E-Mail k.schliemann at comundus.com <mailto:g.maas at comundus.com>
>>
>> Internet www.comundus.com <http://www.comundus.com/>
>>
>>  
>>
>> Geschäftsführer Klaus Hillemeier  
>>
>> Amtsgericht Stuttgart, HRB 264290
>>
>>         
>>
>> comundus ist ein Unternehmen der IT EXCELLENCE Group
>>
>> _________________________________________
>>
>>  
>>
>> *service***
>>
>> 	
>>
>>  
>>
>>  
>>
>> Die Kundenzufriedenheit bei comundus wieder verbessert -
>> Durchschnittsnote jetzt 1,7.
>>
>> * *
>>
>>  
>>
>>  
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>> _______________________________________________
>> This mail is sent to you from the opencms-dev mailing list
>> To change your list options, or to unsubscribe from the list, please visit
>> http://lists.opencms.org/mailman/listinfo/opencms-dev
> 
> 
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev

_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://lists.opencms.org/mailman/listinfo/opencms-dev

_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://lists.opencms.org/mailman/listinfo/opencms-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug-permission-in-workplace-7.5.1.gif
Type: image/gif
Size: 22878 bytes
Desc: bug-permission-in-workplace-7.5.1.gif
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20091207/64328dda/attachment.gif>

More information about the opencms-dev mailing list