[OGo-XML-RPC] Access modifiers

Adam Tauno Williams xmlrpc@opengroupware.org
Sat, 28 Jan 2006 11:36:12 -0500 

On Thu, 2005-04-07 at 09:13 -0400, Adam Tauno Williams wrote:
> > > Does anyone have any notes or code snippets concerning these methods:
> > > access.operationAllowedOnObjectsForAccess
> > > access.setOperationOnObjectForAccess
> > Did you see:
> >    http://mail.opengroupware.org/pipermail/xmlrpc/2004-July/000213.html
> > and the original message?
> Yes.
> <quote>
> >> is there any way to set the access rights (Zugriffsrechte) with rpc?
> > Looking at the source code I see implementations of
> > bool access.operationAllowedOnObjectsForAccessAction(op, objects, 
> access)
> > bool access.setOperationOnObjectForAccessAction(op, object, access)
> > "op" should be a string like "r" or "rw"
> > "objects" should be an array of strings containing the object-pkeys
> > I think you should pass "None" for "access" (apparently for addressing 
> > specific ACL entries)
> </quote>
> > >  - which I presume are for modifying the access permissions on an
> > > object?
> It just isn't entirely clear to me.
> One always passes "None" to "access"?
> operationAllowedOnObjectsForAccessAction returns true or false IF the
> operation specified in "op" is permitted in all objects listed in
> object?
> Testing with xmlrpc_call never gets me anything but zero -
> $ xmlrpc_call http://throw/RPC2
> 'access.operationAllowedOnObjectsForAccess' 'w' '619730' 'None'
> login:    adam
> password:
> 0
> - would test write access to object 619730 by current user`?
> setOperationOnObjectForAccessAction sets a permission on objects (param
> #2) to the permissions specified in op (param #1)?  And param #3 is
> always "None"?

If one passes "None" to access the routine does not seem to work,  in
the xml-rpc logs there is a -
Jan 28 15:42:17 ogo-xmlrpcd-1.1 [24134]:
<0x08293964[SkyDocumentManager]> WARNING(-[SkyDocumentManager
_globalIDForStringRelativeToBase:]): cannot convert relative URL to gid:
'None'
Jan 28 15:42:17 ogo-xmlrpcd-1.1 [24134]: [WARN]
<0x0832CB24[SkyAccessManager]> -[OGoAccessManager
operation:allowedOnObjectIDs:forAccessGlobalID:]: missing _accountID

However is one passes the id of an account object then this function
DOES WORK.  For instance -
xmlrpc_call http://localhost/RPC2
'access.operationAllowedOnObjectsForAccess' 'r' '18440' '13560'
- checks if account 13560 has "r" permissions on 18440

For op you can pass "r", "w", or "rw",  although if you pass an "rw" you
get -
Jan 28 15:48:35 ogo-xmlrpcd-1.1 [27767]: [WARN]
<0x08341994[OGoCompanyAccessHandler]> operation should be a single char,
got: 'rw'
- in the xml-rpc log even though it still seems to work....
xmlrpc_call http://localhost/RPC2
'access.operationAllowedOnObjectsForAccess' 'rw' '18440' '14540'
0
xmlrpc_call http://localhost/RPC2
'access.operationAllowedOnObjectsForAccess' 'rw' '18440' '10120'
1