Hey SO. I'm throwing together a fun little (or not so little) community application. The current permission system is using the users->roles->permissions approach. This all works well until I come to building a forum-ish component, as the current system only allows for a "global" control over the entire board, and not specific forums. ...
Hello, in our new software project, we have the following requirement: A webpage shall show a set of data. This data shall be editable by some users (assigned to roles, i.e. manager), and only viewable by others. The tricky part is described by an example: A User-page consists of address data and account information. The addess data sha...
I could've sworn I've done the tutorial correctly, but I am getting an error message and my aros_acos table is empty. What I've already done: On this page: http://book.cakephp.org/view/646/Creating-ACOs I've run "cake acl create aco root controllers" and it returned "New Aco 'controllers' created.". I've also added "$this->Auth->actio...
I'm trying to lock down a registry key with some important information that must be accessible at the client machine, I do not wan't non-administrators to have access to this key. If you are an admin you'll already be able to do more damage than what I'm storing in the key. What I'm currently looking to do is this: //Allow access only...
Greetings! im pretty new to cakePHP and just starting to use the ACL feature. From the outside it looks quite ok, but when i started using it.. well its not that ok anymore :) Im working on an application with an administration backend in which i need to be able to change group permissions on the fly. I tortured google for quite a whil...
Hello, I want to block a particular file extension acl mp3_ext url_regex s-i *.mp3 Where .mp3 is the file extension Thanks Jean ...
I am working on a web application where different user groups have different access to resources. So far nothing special I guess, but there is a caveat; the application is divided into "domains" so that each of our client organizations has their own content. Here I am using a simpler model to illustrate my problem. Each domain has the...
I would like to use SharePoint web services to retrieve files and folders from a SharePoint document library along with any ACL associated with each. I know I can get the files and folders but I don't know if there is a way to get the ACLs. Is this possible? Thanks ...
Can anyone suggest a scalable design pattern for implementing access control on Photos and Albums, each with individual privacy settings (i.e. owner, group member, public)? I'm using CakePHP, and the examples I have read on the ACL component seem to control access to controller/actions, not objects themselves. It seems to get out of ha...
I have come into the habit of hand-sketching various diagrams for software I create. My software is mostly for the web. I use E-R diagramming for the data logic (model of MVC) , and a personally invented diagram style for the interactions -- what pages lead to which other ones and what do they do, i.e. the views & controllers of MVC. Th...
In several frameworks (symfony/Django), you have admin generators that usually control access via a User table (which assigns a user to a specified Group table). I'm curious, why not simply use MySQL's actual users (with select/read/write access already baked in) instead? ...
I'm attempting to add in an access rule to a RegistryKey like so: using ( RegistryKey registry = OpenOrCreateMyKey() ) { RegistrySecurity security = registry.GetAccessControl(); security.AddAccessRule( new RegistryAccessRule( new SecurityIdentifier( WellKnownSidType.BuiltinUsersSid, null ), RegistryRights.WriteKe...
I have found three possibilities for what is calls an "ACL owner" in the wild: The owner is the protected resource. That's the way EAz goes. The ACL owner is the user whow owns and edits the ACL. (like in java.security.acl.Acl or POSIX ACL) The user owns the protected resource and the protected resource owns the ACL. So the user owns ...
What is the best way to connect an ACL with the protected resource? 1) Should the protected resource hold a reference to its ACL? interface AclHolder { Acl getAcl(); } This would be simple, but if the object lives in a database it has to be constructed before it is possible to check access rights. 2) Spring Security uses a mec...
Where should I best manage a hierarchy of ACLs? I see three possibilities to manage a hierarchy of ACLs: 1) The ACLs themselves manage the hierarchy: class Acl { Acl parent; // ... } 2) Constructing a separate tree structure to manage the hierarchy. 3) Using an already existing hierarchy as the implicit hierarchy for ACLs (like...
I wonder if complete ACLs or only their Access Control Entries (ACE) should be inherited. It would be simple if the children replace the whole ACL, but it would be limitting if only an additional ACE should be added. If ACEs can be inherited, I think I would need negative rights, because otherwise all rights beginning from the root ACL...
Hi there. I'm trying my best to figure out a succinct, straightforward widget, using standard UI widgets available in any toolkit (e.g., checkboxes, radio buttons, or listboxes), that could model a true/false/null value. Why am I trying to do this? I'm storing a tree in a database (go ahead, criticise me for storing hierarchical informa...
Hi I am developing a grails application.In that some cases I want to control the domain class fields based on the role.So that in each call to getter setter method of domain class I want to apply some filter based on role(Logged in user's role).I am assuming that grails will create getter setter method at runtime for the domin classes.S...
I have a class to store unix-like permissions for user, group and other. In principle it is a limited access control list but I don't want to name it ACL, because usually an ACL is something different. The class looks basically like this: class X { boolean userRead, userWrite, userExecute; boolean groupRead, groupWrite, groupExecut...
I'm having a problem where we create a file in temp and then move to our application directory, and we've found that a moved file does not inherit permissions from its new parent folder. I know I could use File.Copy (as creating a new file will inherit the permissions), but for performance reasons we don't want to do this. The site ref...