OPEN-XCHANGE
You are here: Community > Mailinglist
General Links
 Download
Help
freshmeat.net
[OX Devel] usr_general_rights and nasi.conf

Evan Ingram evan.ingram at cariss.co.uk
Tue Feb 6 16:32:46 CET 2007 

I kind of understand what i'm doing but i dont think i can put it into
any kind of legible form that someone else would be able to follow :-P

~Evan


Matthew Rubenstein wrote:
> 	Thanks for uncovering and publishing this info on the list. Would you
> please update the Wiki with the folder DB property meanings?
> http://www.open-xchange.org/oxwiki/DatabaseSchema needs a "Folders" page
> linked from it (and an "overall" or something describing how it's all
> related). Something like
> http://www.open-xchange.org/oxwiki/DocumentSchema .
>
> 	The worst part of OX is its documentation, perhaps followed by its DB
> schema full of misleading relics. With documentation of the "skeleton"
> of actually in-use DB properties and relations, work to clean up the
> schema and use it is more possible. Thanks.
>
>
> On Tue, 2007-02-06 at 12:01 +0100, devel-request at open-xchange.org wrote:
>   
>> Date: Mon, 05 Feb 2007 16:33:34 +0000
>> From: Evan Ingram <evan.ingram at cariss.co.uk>
>> Subject: Re: [OX Devel] usr_general_rights and nasi.conf
>> To: For developers <devel at open-xchange.org>
>> Message-ID: <45C75C5E.8090701 at cariss.co.uk>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Evan Ingram wrote:
>>     
>>> Ok, that helps a bit :)
>>>
>>> I'm using webmin to browse the database. In the oxfolder_permissions
>>> table i can see the fields and data but can you tell me how to find
>>>       
>> out
>>     
>>> what the pid's and puid's relate to? Also what the fields fp, orp,
>>>       
>> owp
>>     
>>> and odp relate to.
>>> eg. according to the table, my own user has rights fp-2 orp-4 owp-2
>>> odp-2 (read,create, read, read) on something that has a puid of 1600
>>>       
>> and
>>     
>>> a pid of 1553 and role 1024. How can i find out what that object is?
>>>
>>> thanks
>>> ~Evan
>>>
>>>   
>>>       
>> Ok bit of playing around:
>> fp = folder permissions
>> orp = object read permissions
>> owp = object write permissions
>> odp = object delete permissions
>>
>> Still dont know how to find out what the puid's and pid's actually are
>> though. Are all of these stored in another table somewhere? ie listing
>> all the puid's and the folder name of what they actually are.
>>
>> ~Evan
>>
>>     
>>> Martin Kauss wrote:
>>>   
>>>       
>>>> On Feb 05, 2007 01:56 PM, Evan Ingram <evan.ingram at cariss.co.uk>
>>>>         
>> wrote:
>>     
>>>>   
>>>>     
>>>>         
>>>>> Martin Kauss wrote:
>>>>>     
>>>>>       
>>>>>           
>>>>>> On Feb 05, 2007 12:51 PM, Evan Ingram <evan.ingram at cariss.co.uk>
>>>>>>             
>> wrote:
>>     
>>>>>>   
>>>>>>       
>>>>>>         
>>>>>>             
>>>>>>> Ah ok, so its a relic from the past... :)
>>>>>>>
>>>>>>> So how can i stop users from creating new
>>>>>>>               
>> projects/tasks/appointments
>>     
>>>>>>> etc. I want to create a user that cannot do anything other than
>>>>>>>               
>> read stuff.
>>     
>>>>>>> ~Evan
>>>>>>>
>>>>>>>     
>>>>>>>         
>>>>>>>           
>>>>>>>               
>>>>>> You have to change the folder permissions. Every folder has
>>>>>>             
>> permissions.
>>     
>>>>>> If you click with the right mouse on a folder you get a menu
>>>>>>             
>> where you 
>>     
>>>>>> can see the current permissions ("Properties").
>>>>>> If you want to exclude some users, it makes sense to create a
>>>>>>             
>> group with
>>     
>>>>>> users who have the permissions to create objects and another
>>>>>>             
>> group without
>>     
>>>>>> the permissions. Afterwards you have to change (in the database,
>>>>>> because this can not be done via the frontend) the permissions
>>>>>>             
>> for the
>>     
>>>>>> folders with special permissions. 
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Martin Kauss
>>>>>>   
>>>>>>       
>>>>>>         
>>>>>>             
>>>>> I thought right clicking on the folder and setting permissions was
>>>>>           
>> used
>>     
>>>>> to allow other users access to your own folders. ie to allow other
>>>>>           
>> users
>>     
>>>>> to create appointments on your calendar etc.
>>>>>
>>>>> Where in the database are the permissions for the folders?
>>>>>
>>>>>
>>>>> ~Evan
>>>>>     
>>>>>       
>>>>>           
>>>> All folder permissions are based on permissions stored in the
>>>>         
>> database.
>>     
>>>> This allows us/you to fulfill such needs you are requesting. Of
>>>>         
>> course,
>>     
>>>> the "normal" behavior is that the users are managing the
>>>>         
>> permissions
>>     
>>>> through the web interface.
>>>>
>>>> The permissions are stored in the table "oxfolder_permissions".
>>>>
>>>>
>>>> More information are available in the Wiki
>>>>         
>> http://www.open-xchange.org/oxwiki/OXFolderFeatures
>>     
>>>> Martin Kauss
>>>>
>>>>
>>>>
>>>>   
>>>>     
>>>>         
>>>>>>   
>>>>>>       
>>>>>>         
>>>>>>             
>>>>>>> Martin Kauss wrote:
>>>>>>>     
>>>>>>>         
>>>>>>>           
>>>>>>>               
>>>>>>>> On Feb 05, 2007 12:09 PM, Evan Ingram
>>>>>>>>                 
>> <evan.ingram at cariss.co.uk> wrote:
>>     
>>>>>>>>   
>>>>>>>>       
>>>>>>>>           
>>>>>>>>             
>>>>>>>>                 
>>>>>>>>> Hi list,
>>>>>>>>>
>>>>>>>>> I've been wanting to create permissions in OX whereby only
>>>>>>>>>                   
>> certain users
>>     
>>>>>>>>> can create objects. I want to lock it down so that they cannot
>>>>>>>>>                   
>> even
>>     
>>>>>>>>> create private objects. I've seen in intranet.conf that for
>>>>>>>>> documents/knowledge/bookmarks/pinboard you can specify one
>>>>>>>>>                   
>> group that is
>>     
>>>>>>>>> allowed to create objects but thats only for those modules. I
>>>>>>>>>                   
>> want a
>>     
>>>>>>>>> similar option for everything else - tasks/projects etc.
>>>>>>>>>
>>>>>>>>> I've noticed that in usr_general_rights table the only fields
>>>>>>>>>                   
>> that i can
>>     
>>>>>>>>> change that have an effect are the ones ending in _r. Changing
>>>>>>>>>                   
>> the
>>     
>>>>>>>>> others (_u and _d) to n doesnt do anything. I also noticed
>>>>>>>>>                   
>> that in
>>     
>>>>>>>>> nasi.conf under the privileges section all the _r fields are
>>>>>>>>>                   
>> specified,
>>     
>>>>>>>>> but there is no mention of the _u or _d fields. Is there a way
>>>>>>>>>                   
>> to modify
>>     
>>>>>>>>> the nasi.conf to make use of the _u and _d fields in the
>>>>>>>>> usr_general_rights table?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> thanks
>>>>>>>>> ~Evan
>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>>> Evan Ingram
>>>>>>>>>                   
>
>   
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> the nasi.conf and the application just takes care about the *_r
>>>>>>>> settings. The folder permissions replaced the _u and _d
>>>>>>>>                 
>> settings
>>     
>>>>>>>> in the past.
>>>>>>>>
>>>>>>>>
>>>>>>>> Greetings,
>>>>>>>>
>>>>>>>> Martin Kauss
>>>>>>>>                 
>
>   
>>>>>>> Evan Ingram
>>>>>>>               
>
>   
>>>>> Evan Ingram
>>>>>           
>
>   
>> Evan Ingram
>> Technical Engineer
>> CARISS
>>     
>
>   
>> 0870 224 5421
>> www.cariss.co.uk
>>     


-- 
Evan Ingram
Technical Engineer
CARISS
St Augustines Business Centre,
125 Canterbury Road,
Westgate-on-sea,
Kent
CT8 8NL

0870 224 5421
www.cariss.co.uk

CARISS is a trading name of Ask-4-IT Ltd
Company Number - 5374955
VAT Number - 856 1229 22

More information about the Devel mailing list