Forums / Setup & design / Again: Order of role-assignment

Again: Order of role-assignment

« 
Previous topic
|
Setup & design
|
Next topic
 »
Author Message

Tim Krah

Wednesday 27 October 2004 12:37:35 am

Hi comunity!

I would like to repost my Topic from 16 December 2003, because there were no hints and the problem still exists for me:

I have many different user-groups, each having assigned different roles. If an user exists in more than one group, which role-permissions will be assigned to that user? The 'most strict' permissions supersede the 'looser' permissions? Or will the second role-permission-set overwrite the first role-permission-set, so the order in which the roles will be asigned to a user is important?

Frederik Holljen

Wednesday 27 October 2004 12:43:11 am

You will get the loosest permissions possible. Order does not matter.

Tim Krah

Wednesday 27 October 2004 1:11:03 am

Good to know, thanks for the quick reply!

By the way: is there an in-depth documentation on the role-system?

Frederik Holljen

Wednesday 27 October 2004 1:22:14 am

Documentation will be a priority in the 3.6 release cycle. At the moment we do not have an in depth explanation of the role system.

Paul Borgermans

Wednesday 27 October 2004 2:13:23 am

 You will get the loosest permissions possible. Order does not matter.

Ok that the order does not matter, but loosest permissions?
That's not what I find (3.4-2):

suppose this situation

role (1)   content create & edit class(x) 
           content read class(x) owner(self)

role (2)   content read class(any) subtree(where the objects of class(x) live)
----------------------
group (a) has only role (1)
group (b) has roles (1) and (2)

Wouldn't you expect that group(b) can read all class(x) objects? It isn't :-( , they can oly read their own objects

When i use 

role (1)   content create & edit class(x) 
           content read class(x) owner(self)

role (2)   content read class(x) subtree(where the objects of class(x) live)

Than it works, as i expect for group (b)

Is this intentional or a bug?

regards

-paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

Jan Borsodi

Wednesday 27 October 2004 5:02:49 am

I am not able to reproduce this, I created the example you showed using 3.4 and it worked as it should.
I tested with a different policy order by adding in a array_reverse in the code, still no change in behaviour.

Also looking trough the code I cannot see how this could fail.
It checks one policy at a time, if all limitations of the policy is allowed then the operation is allowed.
If one of the limitations of a policy is not allowed it considers the whole policy as not being allowed.

Could you please retry your example.

--
Amos

Documentation: http://ez.no/ez_publish/documentation
FAQ: http://ez.no/ez_publish/documentation/faq

Paul Borgermans

Wednesday 27 October 2004 5:27:45 am

Yes Amos,

You are right. I found a section limitation (by not including it in an explicit section list with explicit classes) in another role that intervened with this one. Sorry, should have looked more profoundly before posting this.

Thanks for clarifying, I'll look through the code in detail as a kind of constructive self-punishment ;-)

-paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

eZ debug

Timing: Jan 19 2025 09:39:43
Script start
Timing: Jan 19 2025 09:39:43
Module start 'content'
Timing: Jan 19 2025 09:39:44
Module end 'content'
Timing: Jan 19 2025 09:39:44
Script end

Main resources:

Total runtime1.0876 sec
Peak memory usage4,096.0000 KB
Database Queries210

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0055 588.9688180.8359
Module start 'content' 0.00550.8170 769.8047673.1719
Module end 'content' 0.82250.2650 1,442.9766341.0938
Script end 1.0876  1,784.0703 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00420.3896210.0002
Check MTime0.00150.1406210.0001
Mysql Total
Database connection0.00070.065410.0007
Mysqli_queries0.987990.82562100.0047
Looping result0.00340.31012080.0000
Template Total1.058397.320.5292
Template load0.00190.170720.0009
Template processing1.056497.131820.5282
Template load and register function0.00020.017310.0002
states
state_id_array0.00210.189810.0021
state_identifier_array0.00190.174620.0009
Override
Cache load0.00160.1437430.0000
Sytem overhead
Fetch class attribute can translate value0.00140.126550.0003
Fetch class attribute name0.00110.0997100.0001
XML
Image XML parsing0.00180.166650.0004
class_abstraction
Instantiating content class attribute0.00000.0021120.0000
General
dbfile0.00950.8735410.0002
String conversion0.00000.000530.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/forum_topic.tplextension/sevenx/design/simple/override/templates/full/forum_topic.tplEdit templateOverride template
7content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
10content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
5content/datatype/view/ezimage.tpl<No override>extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tplEdit templateOverride template
3content/datatype/view/ezxmltags/literal.tpl<No override>extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tplEdit templateOverride template
3content/datatype/view/ezxmltags/line.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/line.tplEdit templateOverride template
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 30
 Number of unique templates used: 7

Time used to render debug report: 0.0001 secs