8 Replies Latest reply on Jul 24, 2007 2:45 AM by andixt

    Permissions per forum

    andixt

      Hello,
      I would like to set up permission to moderate a particular forum for a particular user. I see it is possible to set up permissions only by roles, but there is no ability to set up permission for moderation by user id or something which will point to this user.

      So, I planned to do the following:
      First of all there will be a role "owners"; every owner will have their own forum, and they will be allowed to moderate only their own forums.
      So, in acl-permission.xml I would like to specify something like this:

      <role name="Owner" id="owner">
        <!-- Moderator Tool permissions -->
        <permission action="moderateForum">
          <criteria for="moderateForum://ui">
            param[0].id.toString().equals(identity.identity.properties.get("user-forum-id"))
          </criteria>
        </permission>
      </role>
      

      Also, acl-mapping is edited too, in order to set criteriaid.
      As you see, I'm planning to add for every "owner" user some property (it will be set in the Map of their properties in the User object) which will point to the id of the forum they are allowed to moderate. With this check I hope to get successful results, but as you may have understood already - it doesn't work :(

      Please, could you show me what I am doing wrong?
      And what language is the syntax of these *.xml files? Can Maps and other types than just Strings and integers be used in this check?

        • 1. Re: Permissions per forum
          andixt

          Well. I made a mistake. identity.identity points to org.jboss.security.acl.User while I expected org.jboss.portal.identity.User to be injected into Context.
          But anyway, is there a chance to join a forum with particular user(s) from the portal?

          • 2. Re: Permissions per forum
            unibrew

            Hi

            Quite an extraordinary use case. I would still recommend creating one role per forum, and each of these roles would have one user (or more in the future).
            Is there any reason why you can't do it like that?

            Regards
            ------------------
            Ryszard Kozmik
            JBoss Forums Lead
            JBoss Labs Team

            • 3. Re: Permissions per forum
              andixt

              Thank you for reply.

              The reason is the amount of users. We have two groups of users: owners (each of whom has their own forum to moderate) and clients (who just browse anything). The amount of owners might be 1000 or more (so, forums might be also about 1000 - btw, what about performance?) so I don't think it's wise to create for every owner its own role. In addition, I don't know how I can then configure security permissions in the .xml file, because these forums are created dynamically from another application, via ForumModule received from JNDI.

              • 4. Re: Permissions per forum
                andixt

                Last post should be read with "so I don't think its NOT wise to create for every owner its own role. "
                Why I cannot edit my posts?

                • 5. Re: Permissions per forum
                  unibrew

                  Hi

                  "andiXT" wrote:
                  so, forums might be also about 1000 - btw, what about performance?
                  Thankfully I won't be one of those who have to find the forum among this 1000 in which they want to post ;-).
                  If it comes to performance, it shouldn't be a problem till loads of posts will show up. I'm already working hard on performance improvements for version 1.1.0, so don't worry too much.

                  Could you give any clues from the exceptions which arise when using a criteria which you posted above? Also please tell me if you use LDAP and what version of Portal do you use?

                  Regards
                  ------------------
                  Ryszard Kozmik
                  JBoss Forums Lead
                  JBoss Labs Team

                  • 6. Re: Permissions per forum
                    andixt

                     

                    "unibrew" wrote:
                    Hi

                    "andiXT" wrote:
                    so, forums might be also about 1000 - btw, what about performance?
                    Thankfully I won't be one of those who have to find the forum among this 1000 in which they want to post ;-).

                    Actually this problem worries me too, but I'm planning to remove the links to upper categories and the index page of the forum, and users will be prompted directly to the forum they should post in. They will not be able to jump to other forums except this one.

                    If it comes to performance, it shouldn't be a problem till loads of posts will show up. I'm already working hard on performance improvements for version 1.1.0, so don't worry too much.

                    Glad to hear :) Actually I'm worrying about this problem because of JBoss Portal performance, when it has more than 1000 portals then its performance becomes very sloooow....

                    Could you give any clues from the exceptions which arise when using a criteria which you posted above? Also please tell me if you use LDAP and what version of Portal do you use?

                    I'm using Portal v2.4.1, I'm afraid I'm not using LDAP.
                    Well, the main purpose of that criteria is to allow particular person(s) to moderate a particular forum. Since I'm creating the forum dynamically, I'm able to put into the user properties table the ID of the forum he is allowed to moderate. Later, in the criteria, it would be great to check if the forum ID equals the ID in the portal user properties map and then give access to moderate the forum.
                    Actually there is a better way to organize this. There should be a permissions table where we could specify permissions per forum for different users. For my purposes it would be enough to have a method which checks if the ID of the portal user is in the set of IDs allowed to moderate this forum.
                    Well, since sources are available I could do it myself, but I'm wondering if there is a standard way to organize this (except roles for every forum).

                    • 7. Re: Permissions per forum
                      unibrew

                       

                      "andiXT" wrote:
                      Actually I'm worrying about this problem because of JBoss Portal performance, when it has more than 1000 portals then its performance becomes very sloooow....
                      I bet that nobody expected that someone will create 1000 portal instances. As this is an extraordinary situation you probably should tune secondary level cache settings for Portal's hibernate entities as they are probably not set for such a use. Just a guess, check it.

                      "andiXT" wrote:
                      I'm using Portal v2.4.1, I'm afraid I'm not using LDAP.
                      Cool.

                      <role name="Owner" id="owner">
                        <!-- Moderator Tool permissions -->
                        <permission action="moderateForum">
                          <criteria for="moderateForum://ui">
                            param[0].id.toString().equals(identity.identity.properties.get("user-forum-id"))
                          </criteria>
                        </permission>
                      </role>
                      
                      Could you also tell me what exceptions or what happens when you try this criteria?

                      Regards
                      ------------------
                      Ryszard Kozmik
                      JBoss Forums Lead
                      JBoss Labs Team

                      • 8. Re: Permissions per forum
                        andixt

                         


                        <role name="Owner" id="owner">
                          <!-- Moderator Tool permissions -->
                          <permission action="moderateForum">
                            <criteria for="moderateForum://ui">
                              param[0].id.toString().equals(identity.identity.properties.get("user-forum-id"))
                            </criteria>
                          </permission>
                        </role>
                        
                        Could you also tell me what exceptions or what happens when you try this criteria?


                        Ah, I didn't get your question. A NullPointerException happens, because identity.identity has only userName and no properties passed from the portal.
                        I'm afraid it's not possible to do this with criteria currently; it looks like it requires changing the business logic.
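
An added example, not code from the thread or from JBoss Forums: the two checks discussed above in plain Java, both denying by default. The class and method names are hypothetical and no JBoss Portal or Forums API is used; the first check is the per-forum set of allowed user IDs proposed in reply 6, the second is the posted criteria written so that an identity without a properties map is refused instead of raising a NullPointerException.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added example: hypothetical names, not the JBoss Forums or JBoss Portal API.
public class ForumModerationCheck {

    // Permissions table: forum ID -> IDs of portal users allowed to moderate it.
    private final Map<String, Set<String>> moderatorsByForum = new HashMap<>();

    public void grant(String forumId, String userId) {
        moderatorsByForum.computeIfAbsent(forumId, k -> new HashSet<>()).add(userId);
    }

    // Set-membership check; an unknown forum or a missing ID means "deny".
    public boolean canModerate(String forumId, String userId) {
        if (forumId == null || userId == null) {
            return false;
        }
        Set<String> allowed = moderatorsByForum.get(forumId);
        return allowed != null && allowed.contains(userId);
    }

    // Null-safe form of the thread's criteria: an identity that carries no
    // properties map (the NullPointerException case) is denied.
    public static boolean ownsForum(Object forumId, Map<String, String> userProperties) {
        if (forumId == null || userProperties == null) {
            return false;
        }
        String owned = userProperties.get("user-forum-id");
        return owned != null && owned.equals(forumId.toString());
    }

    public static void main(String[] args) {
        // Constructed sample data: one forum with one owner.
        ForumModerationCheck acl = new ForumModerationCheck();
        acl.grant("42", "owner-a");
        System.out.println(acl.canModerate("42", "owner-a"));
        System.out.println(acl.canModerate("42", "owner-b")); // not in the set
        System.out.println(acl.canModerate("43", "owner-a")); // no entry for forum 43
        System.out.println(ownsForum(42L, Map.of("user-forum-id", "42")));
        System.out.println(ownsForum(42L, null)); // identity without properties
    }
}
```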