[giapeto] Permission system broken

Marko Djukic mdjukic at horde.org
Wed Sep 1 01:52:17 PDT 2004


Quoting Roel Gloudemans <roel at gloudemans.info>:

> Hi List,
>
> At the moment (CVS HEAD today) the permission system in Giapeto is broken.
> Wether or not you're  authorized you'll get a permission denied; except for
> admin.

Ok, I see the problem. When you set the permissions in Giapeto, it creates the
perms object as:
"giapeto:pages:<page_id>"

However, Horde checks for authorisation to use giapeto by checking only the
object:
"giapeto"

So even if in Giapeto you give full perms to a user to the home page, they will
still not be able to get into Giapeto itself since Horde doesn't see the root
permission to Giapeto. The workaround is to go into the Horde admin and set the
base permissions as needed, which would be just show/read to default and guest.
Then the rest will be handled by Giapeto.

The best solution would be to get some hierarchy logic into the Horde
permissions, so that e.g. a user with an edit permission for a lower node perms
object should be allowed show/read to the parent nodes.


--
Marko Djukic
Horde Project (http://horde.org)


More information about the giapeto mailing list