Community
Participate
Working Groups
Right now authorization rules contain only URIs which can be access by users. They should also contain information which methods are allowed for given URIs.
I have released an initial patch. Now Access Rules in Users.prefs are stored using a slightly changed format. Instead of entries like: [userId]/UserRights=["/workspace/B", "/workspace/B/*"] we have [userId]/UserRights=[{"Method"\:15,"Uri"\:"/workspace/B"},{"Method"\:15,"Uri"\:"/workspace/B/*"}] Method describes which HTTP methods are allowed. See AuthorizationService for details. 15 means all POST, PUT. GET and DELETE methods are allowed.
This was a breaking change to our auth data. Running the server on an existing workspace gives this error: } 15:06:46.339 [2132159132@qtp-391094511-0] ERROR org.mortbay.log - /workspace/A java.lang.ClassCastException: java.lang.String cannot be cast to org.json.JSONObject at org.eclipse.orion.internal.server.servlets.workspace.authorization.AuthorizationService.checkRights(AuthorizationService.java:149) ~[na:na] at org.eclipse.orion.server.configurator.servlet.AuthorizationFilter.doFilter(AuthorizationFilter.java:33) ~[na:na] at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) ~[na:na] at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) ~[na:na] at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) ~[na:na] at org.eclipse.orion.server.configurator.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:65) ~[na:na] at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) ~[na:na] at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) ~[na:na] at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) ~[na:na] at org.eclipse.orion.internal.server.servlets.file.EditSupportFilter.doFilter(EditSupportFilter.java:46) ~[na:na] at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) ~[na:na] at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) ~[na:na] at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) ~[na:na] at org.eclipse.orion.server.configurator.servlet.WelcomeFileFilter.doFilter(WelcomeFileFilter.java:37) ~[na:na]
I have entered a separate bug about migrating user right data: bug 335506.
Fixed.