Forum OpenACS Q&A: Permissions problem in file-storage?

Collapse
Posted by Esti Alvarez on
Hi!

I'm trying to give a person (or group) admin permissions on a file-storage instance. I've done it via the site-map "permissions" link but this person does not see the "Delete this folder" or "modify permissions on this folder" on the file-storage index page.

If I, as a site-wide-administrator, go to the "modify permissions on this folder" in the file-storage index, and grant the permissions through this link, the permissions are correctly granted.

I other words: the permissions are granted in different object_id's depending if I do it via the site-map or via the file-storage interface. (I think in the first case the object_id is the one of the file-storage instance, and in the second case, it is the one of the folder_id)

I think this is a bug, isn't it? Has somebody else noticed this? Which is the correct way of fixing it?

Collapse
Posted by Richard Hamilton on
Dave Bauer is your man for this one but I suspect that the folder_id is the correct answer because different revisions of an item could have different permissions.

You should be able to navigate the context_id tree using the permissions link from the site-map, and so find the folder_id object to set permissions on. I suspect that the link in file-storage just takes the pain out of finding the correct object to set.

We should probably decide how to tidy this up universally because I think that we are about to create a related problem in project manager if we are not careful.

R.

Collapse
Posted by Malte Sussdorff on
"because different revisions of an item could have different permissions."

I'm all for flexibility, but isn't this a little bit too much granularity for permissions? Shouldn't the permissions be item based instead of revision based?

Collapse
Posted by Esti Alvarez on
I think I found where the problem is: The folder_id has context_id=-100 . If this context_id was equal to the object_id of the file_storage instance, the permissions problem would be solved, wouldn't it?

About Malte's comment on permissions granularity, I also think revision based permissions is a bit overkill.