OW2 Consortium
Search OW2 Mail Archive: 

Advanced Search - Powered by Google

Mail Archive Home | exoplatform List | June 2008 Index

<--  Date Index  --> <--  Thread Index  -->

[exoplatform] Re: Allowing some users to manage their own users group



On Wed, Jun 4, 2008 at 12:14 PM, KLessou <klessou@xxxxxxxxx> wrote:


On Mon, May 26, 2008 at 3:23 PM, KLessou <klessou@xxxxxxxxx> wrote:


On Fri, May 23, 2008 at 5:19 PM, Patrice Lamarque <patrice.lamarque@xxxxxxxxxxxxxxx> wrote:


On Fri, May 23, 2008 at 4:49 PM, KLessou <klessou@xxxxxxxxx> wrote:


On Fri, May 23, 2008 at 3:29 PM, Patrice Lamarque <patrice.lamarque@xxxxxxxxxxxxxxx> wrote:
I am not sure of what you mean.
If you want to give access to the Community management portlet, then simply add it to a page and grant the page access to whoever you need.

But the user must be member of /platform/administrator:manager, isn't it ?

The portlet requires the jaas role 'admin' (check portlet.xml in admin.war).
With eXo default login module the role 'admin' is granted to members of /platform/administrator independently of their membership.

How can we edit jaas roles ?

we can't ??!!


Yes you can.
JAAS roles are mapped to any groups under /platform (any membership).
Open web.xml of your portal war you will see 'users' security-role. It corresponds to /platform/users
Meaning that if you belong to /platform/users, then you get 'users' jaas role.

So to add new jaas roles, simply add subgroups to /platform. To assign a role to a user, simply add the user to the corresponding group.

If you want to learn how it works, check TomcatAuthenticationListener for code and configuration.xml in exo.portal.server.tomcat.plugin.jar to see how it is configured.

Note that the authentication listener to use depends on the application server (we have listeners for jonas, jboss and websphere also).
The authentication listener is called by ExoBroadcastJaasLoginModule which is a jaas login module that is configured in jaas.conf.


 


 


 

Because when I set this permissions in the Community management portlet :

/platform/administrators manager

/MyGroup manager

Managers from MyGroup cannot access to the portlet


What has let you know that it could work ? Was it a blind guess ?

 



I want to add an administrator who can just add/edit members of MyGroup.
But this administrator will not be able to add/edit users from others groups.


Great feature, that we don't have yet! :)
Could you file a new Feature in JIRA in exo-portal project please ?
http://jira.exoplatform.org/browse/PORTAL



--
Patrice Lamarque
eXo Platform SAS



--
~~~~~
| klessou |
~~~~~



--
~~~~~
| klessou |
~~~~~



--
Patrice Lamarque
eXo Platform SAS

<--  Date Index  --> <--  Thread Index  -->

Reply via email to:

Powered by MHonArc.

Copyright © 2006-2007, OW2 Consortium | contact | webmaster.