Setting up privileges using ACLs and Roles/Queues

[dolfiz]

Hi all,

I'm setting up authorizations and prohibitions on some actions through Roles/Queues and, eventually, ACLs. I found this pretty straight forward and easy but I've got some doubts concerning different "rules" that could applies simultaneously and be opposite on their effects.

So, two simple questions:
1- ACLs are expected to be ordered (using their alphanumerical name) and applied one-at-time, so the last could override the previous ones. Am I right?
2- between roles/queues privileges and ACLs is there some similar rule? does privileges obtained through roles on queues more or less "strong" than ACLs?

Thank you in advance,
Luca

[yuri0001]

Hi!
For your first - there in ACL - you have "Stop after match" attribute which stops ACL if condition in Properties is true.

[dolfiz]

Hi!
For your first - there in ACL - you have "Stop after match" attribute which stops ACL if condition in Properties is true.

Good point. I did not remember that.

Thank you to highlight it

[dolfiz]

Hi!
For your first - there in ACL - you have "Stop after match" attribute which stops ACL if condition in Properties is true.

Sorry yuri, but I tried to search the specs of the "Stop after match" attribute, but I can see details only about filters, and not ACL. Are you sure that this attribute exists also for ACL? I can't find examples with it

[yuri0001]

Good evening!
In v.3.3.x you can see it in ACL editor in Edit ACL information - Stop after match checkbox after Description field.

[dolfiz]

Good evening!
In v.3.3.x you can see it in ACL editor in Edit ACL information - Stop after match checkbox after Description field.

Ok. Never used the webapp to create ACLs, always edited Config.pm and added them there (I'm not a fan of webapps, drag&drop et similia... when I can do the same via code, I prefer that way). I'll try to create one via webapp to check that attribute.

Thanks for the help and have a nice evening

[yuri0001]

Hi!
You can use this costruction directly in ACL code in config.pm placing it before last "}" as I remember. Starting from 3.3.x it recommended to place ACL into ACL.pm, not in config.pm. They stored there in XML format. In file Upgrading.md you can read about utility that read config.pm and rebiuld ACL' s stored there in new format and place them in new location.

[dolfiz]

Hi!
You can use this costruction directly in ACL code in config.pm placing it before last "}" as I remember. Starting from 3.3.x it recommended to place ACL into ACL.pm, not in config.pm. They stored there in XML format. In file Upgrading.md you can read about utility that read config.pm and rebiuld ACL' s stored there in new format and place them in new location.

Thanks again yuri, if the preferred location is ACL.pm, then I'll change our behaviour and I'll move them there. This is probably the reason why our ACLs are not shown on the proper web-app panel in the admin section