Forum OpenACS Development: Permisions problem and request for feature

Hi,

I am been doing some permissions lately. For example I have this kind of site

main site
   --sub site 1
          -- file-storage
          -- ticket-tracker
          -- bboard
   --sub site 2
          -- file-storage
          -- ticket-tracker
          -- bboard
   --sub site X
          -- file-storage
          -- ticket-tracker
          -- bboard

It I want to restrict the access to sub site 1 to X. I then remove the inherit from Main site in permissions. Then grant it to a particular group. The problem is file-storage, ticket-tracker, bboard are not children of sub site 1 but Main site. I then have to do the same steps on what I did to sub site 1, remove inheritance and grant inheritance. I have X amount of subsites and it would be hard to go through each file-storage, ttracker and bboard.

Is this really the behavior that we want in the permissions? May be it should inherit the parent node not the root node? As a quick hack is there something like pointing a parent object_id to inherit too? So I will just to the point each file-storage, tticket, bboard to its respective sub site.

Collapse
Posted by Lars Pind on
Jun,

I agree, I'd expect file-storage to inherit from its respective subsite.

You can do it straight n psql/sqlplus, right? "update acs_objects set context_id = ... where object_id = ...". But wait, that breaks the "cache" table. But maybe there's a way to flush that. Don't know.

Collapse
Posted by Don Baccus on
This sounds like a good candidate to change in our "4.5++" release.  Jun ... do you want to enter a ticket for this in the SDM?
Collapse
Posted by Barry Books on
New nodes inherit permissions from the site nodes they are created with. If you go the the main site site map and create folders and subfolders they will all inherit from the main site. If you create subsite1 and go to it's admin/site-map page and create subfolder they will inherit from that subsite.

It would be nice to build into the site map interface the ability to pick what node to inherit from. Sometimes it's better to use the node above you instead of the subsite you are in.

Collapse
Posted by Jun Yamog on
Hi,

I have placed the new feature in the SDM.  Its my first post to the SDM.  Kinda weird because I have done mostly direct email to the module maintainers.  I promise to use the SDM more.

Barry,

I have already tried your suggestion once before posting this question.  Its did not work for me.  So posted this question.  Anyway if your suggestion does work please tell us.  Thanks.

Collapse
Posted by Barry Books on
I run acs4.2 so I guess something has changed. All it did was put the object_id of the subsite you were running into the context_id of the object you created. It seems like it wuold be more difficult to make it work where all nodes get the / context since you'd have to look it up. It would be nice to have a more flexible system. I've found it's better to get the context of the object directly below you whatever it is, but I build deeply nested non public sites with many levels of access control