[mapguide-internals] Please review RFC 103

Christine Bao Christine.Bao at autodesk.com
Wed Jul 14 23:12:34 EDT 2010


Hi Dave,

   I agree with you that server side settings should not be updated from Studio. If a user wants to update them, they need to use Site Admin.

   I updated RFC103 https://trac.osgeo.org/mapguide/wiki/MapGuideRfc103 to explain why SetDocument() will not be included.

Thanks & regards,
Christine

-----Original Message-----
From: mapguide-internals-bounces at lists.osgeo.org [mailto:mapguide-internals-bounces at lists.osgeo.org] On Behalf Of Dave Wilson
Sent: Wednesday, July 14, 2010 11:41 PM
To: MapGuide Internals Mail List
Subject: RE: [mapguide-internals] Please review RFC 103

Under what context would you be needing to update the document from a programming perspective that requires a write to impact all of WMS/WFS whose settings likely wouldn't take effect until things are restarted? Nowhere do we expose any server side settings to be updated from Studio. I can see updating the document from Site Admin to update some settings but Site Admin requires Administrator rights.

Dave

-----Original Message-----
From: mapguide-internals-bounces at lists.osgeo.org [mailto:mapguide-internals-bounces at lists.osgeo.org] On Behalf Of Christine Bao
Sent: Wednesday, July 14, 2010 1:50 AM
To: mapguide-internals at lists.osgeo.org
Subject: Re: [mapguide-internals] Please review RFC 103

Hi Jason,


1. Are you sure that SetDocument() requires Administrator privileges? If so, it's safe to publish it.

2. I copied from another reply:

     There is one similar operation in Studio named GetSiteProperties().

     It gets information about how long the server has been running, the number of connections, the server's version etc. The information is not from repository.

     Similar to GetDocument(), it needs the user information of the current connection to open the service:

                        // Create ServerAdmin object
                        Ptr<MgServerAdmin> serverAdmin = new MgServerAdmin();
                        serverAdmin->Open(siteInfo->GetTarget(), m_userInfo);

     This call is frequently used in Studio, and I think it works for most user accounts. So GetDocument should not be limited to high-privilege user accounts either.

Thanks & regards,
Christine


From: Jason Birch <jason at jasonbirch.com>
Subject: Re: [mapguide-internals] Please review RFC 103
To: MapGuide Internals Mail List <mapguide-internals at lists.osgeo.org>

I would suggest that this kind of request should require author access AND
should not be available through the API at all when authoring is disabled in
webconfig.ini.  setDocument should require Administrator privileges.

I am not a big fan of allowing public access to configuration documents,
regardless of the seemingly innocuous nature of the information they
contain.

I guess the Fusion widget info calls access files outside of the repository.
Are there any others?

Jason



On 13 July 2010 16:24, Tom Fukushima wrote:

> Along with SetDocument, what kind of user would be allowed access to this
> file? For example, since the RFC mentions the Studio user perhaps these
> operations only be available to someone with Author (or above) privileges.
>  Do we need a way to set security on this document so that we can restrict
> who can access it? I would hope not since that seems like overkill.
>
> Are there any other operations in MGOS that are similar to this (i.e.,
> access documents or information outside of the repository) in behavior?
>

_______________________________________________
mapguide-internals mailing list
mapguide-internals at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapguide-internals