Assign Roles to user without CMS Admin Role
25 views
Skip to first unread message
Gustavo Javier Ruiz Santicchio
Oct 14, 2011, 6:51:53 PM10/14/11
to dotCMS User Group
Hi everybody,
I need to assign a role to new users from a another user that not have
a CMS Admin role, although this user have all given permissions on
host.
In the documentation says only a user with CMS Admin role can assign
new roles to a user, is this correct? to obtain this functionality i
need to develop a plugin who extends that? Which struts action i need
to extend?
Thanks for any help in advance.
I need to assign a role to new users from a another user that not have
a CMS Admin role, although this user have all given permissions on
host.
In the documentation says only a user with CMS Admin role can assign
new roles to a user, is this correct? to obtain this functionality i
need to develop a plugin who extends that? Which struts action i need
to extend?
Thanks for any help in advance.
Will Ezell
Oct 17, 2011, 10:52:15 AM10/17/11
to dot...@googlegroups.com
Any user with permissions to the Roles portlet can assign roles, I believe. What dotCMS does not (yet) support is distributed role management, where you can grant a user the permission to provision users only on certain hosts.
Will
----
Will Ezell
http://dotcms.com
phone: 305.858.1422 ext. 286
direct: (978) 294-9429
skype: wezell1
Will
----
Will Ezell
http://dotcms.com
phone: 305.858.1422 ext. 286
direct: (978) 294-9429
skype: wezell1
--
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To post to this group, send email to dot...@googlegroups.com.
To unsubscribe from this group, send email to dotcms+un...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotcms?hl=en.
Gustavo Javier Ruiz Santicchio
Oct 18, 2011, 12:23:33 AM10/18/11
to dotCMS User Group
Hi Will, i create a new user, assigned to a Role with permissions to
the Admin Roles Tab, that role has edit permissions on host, but i
can't assign any role with that user to other users.
For example, my new user XX has Role YY with full permissions in a
host and access to adm roles tab.
If i can assign a role ZZ to a new user WW i receive this exception:
(what i'm doing wrong? with the Admin User i could obviously)
com.dotmarketing.exception.DotSecurityException: The User being passed
in doesn't have permission to requested User
at
com.dotmarketing.business.UserAPIImpl.loadUserById(UserAPIImpl.java:
49)
at
com.dotmarketing.business.ajax.RoleAjax.addUserToRole(RoleAjax.java:
219)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.directwebremoting.impl.ExecuteAjaxFilter.doFilter(ExecuteAjaxFilter.java:
34)
at org.directwebremoting.impl.DefaultRemoter
$1.doFilter(DefaultRemoter.java:428)
at
org.directwebremoting.impl.DefaultRemoter.execute(DefaultRemoter.java:
431)
at
org.directwebremoting.impl.DefaultRemoter.execute(DefaultRemoter.java:
283)
at
org.directwebremoting.servlet.PlainCallHandler.handle(PlainCallHandler.java:
52)
at
org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:
101)
at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:
146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at com.dotmarketing.filters.CMSFilter.doFilter(CMSFilter.java:137)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.filters.AutoLoginFilter.doFilter(AutoLoginFilter.java:
60)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.filters.CacheImagesFilter.doFilter(CacheImagesFilter.java:
47)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.cms.urlmap.filters.URLMapFilter.doFilter(URLMapFilter.java:
313)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:
140)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
465)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
109)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
555)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
852)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:
489)
at java.lang.Thread.run(Thread.java:662)
Thanks.
Gustavo
On 17 oct, 11:52, Will Ezell <w...@dotcms.com> wrote:
> Any user with permissions to the Roles portlet can assign roles, I believe.
> What dotCMS does not (yet) support is distributed role management, where
> you can grant a user the permission to provision users only
> on certain hosts.
>
> Will
>
> ----
> Will Ezellhttp://dotcms.com
> phone: 305.858.1422 ext. 286
> direct: (978) 294-9429 <https://www.google.com/voice/b/0?pli=1#phones>
the Admin Roles Tab, that role has edit permissions on host, but i
can't assign any role with that user to other users.
For example, my new user XX has Role YY with full permissions in a
host and access to adm roles tab.
If i can assign a role ZZ to a new user WW i receive this exception:
(what i'm doing wrong? with the Admin User i could obviously)
com.dotmarketing.exception.DotSecurityException: The User being passed
in doesn't have permission to requested User
at
com.dotmarketing.business.UserAPIImpl.loadUserById(UserAPIImpl.java:
49)
at
com.dotmarketing.business.ajax.RoleAjax.addUserToRole(RoleAjax.java:
219)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.directwebremoting.impl.ExecuteAjaxFilter.doFilter(ExecuteAjaxFilter.java:
34)
at org.directwebremoting.impl.DefaultRemoter
$1.doFilter(DefaultRemoter.java:428)
at
org.directwebremoting.impl.DefaultRemoter.execute(DefaultRemoter.java:
431)
at
org.directwebremoting.impl.DefaultRemoter.execute(DefaultRemoter.java:
283)
at
org.directwebremoting.servlet.PlainCallHandler.handle(PlainCallHandler.java:
52)
at
org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:
101)
at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:
146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at com.dotmarketing.filters.CMSFilter.doFilter(CMSFilter.java:137)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.filters.AutoLoginFilter.doFilter(AutoLoginFilter.java:
60)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.filters.CacheImagesFilter.doFilter(CacheImagesFilter.java:
47)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.cms.urlmap.filters.URLMapFilter.doFilter(URLMapFilter.java:
313)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:
140)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
465)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
109)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
555)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
852)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:
489)
at java.lang.Thread.run(Thread.java:662)
Thanks.
Gustavo
On 17 oct, 11:52, Will Ezell <w...@dotcms.com> wrote:
> Any user with permissions to the Roles portlet can assign roles, I believe.
> What dotCMS does not (yet) support is distributed role management, where
> you can grant a user the permission to provision users only
> on certain hosts.
>
> Will
>
> ----
> phone: 305.858.1422 ext. 286
> direct: (978) 294-9429 <https://www.google.com/voice/b/0?pli=1#phones>
Will Ezell
Oct 18, 2011, 9:09:30 AM10/18/11
to dot...@googlegroups.com
Ah, I see. Then the first assumption is correct - like many other objects in the system, users are actually "Permissionable" meaning that it will take a certain role to be able to permission them correctly. Unlike other objects in the system, we do not have a UI to "permission" users, which means that only users with the CMS_Admin role can do so.
Will
----
Will Ezell
This will be changing in a future version of dotCMS, when users actually become a type of content, but until then, I think that the system only supports CMS_Admins managing users.
Will
----
Will Ezell
skype: wezell1
Reply all
Reply to author
Forward
0 new messages