1 Reply Latest reply on Nov 21, 2003 3:58 PM by julien1

    Permissions - component/instance patterns

    chuston

      Need a little help with the permissions. I gather they are stored in the database in the nuke_services_attributes... and modifiable through the nukes/jmx module.

      The security attibute contains lines like so:
      <permission component-pattern="html::" instance-pattern=".*::" level="READ">

      How does one decode the attributes and values?

      I looked at Permission.java in the nukes core source and it appears that these values are arbitrary - they're meant to have three fields separated by colons (:) but the fields don't follow any structure - except those defined by the module implementer.

      Please help me understand these values.

      I found this about PostNukes: (http://noc.postnuke.com/docman/view.php/5/6/Permissions%20for%20Newbies.htm) - does any of this apply?

      Thanks,
      - Chris

        • 1. Re: Permissions - component/instance patterns

          > Need a little help with the permissions. I gather
          > they are stored in the database in the
          > nuke_services_attributes... and modifiable through
          > the nukes/jmx module.

          yes, unless you have time to do a security editor

          >
          > The security attibute contains lines like so:
          > <permission component-pattern="html::"
          &gt; instance-pattern=".*::" level="READ">
          >
          > How does one decode the attributes and values?

          when a component wants to see if it can do something, it does as is : core.secAuthAction("html::", fileId + "::", Level.READ);

          the security code will also traverse all the rules filtered by the user group ID to retain only the rules related to that user.

          for each rule, the component pattern is first matched, if it match then it will try to match the instance pattern. if this is ok it will return true if the level in the rule is lesser or equal than the level given as parameter.
          >

          > I looked at Permission.java in the nukes core source
          > and it appears that these values are arbitrary -
          > they're meant to have three fields separated by
          > colons (:) but the fields don't follow any structure
          > - except those defined by the module implementer.

          yes exactly, these are regular expressions and are a mean to exprimate security, it could be done differently.

          >
          > Please help me understand these values.
          >
          > I found this about PostNukes:
          > (http://noc.postnuke.com/docman/view.php/5/6/Permissio
          > s%20for%20Newbies.htm) - does any of this apply?

          yes, but their implementation is crap and ambigous, however the principles are the same.

          >
          > Thanks,
          > - Chris