[gold-users] Re: column "g_admin" does not exist

Scott Jackson scott at clusterresources.com
Mon Nov 20 18:15:32 MST 2006


Ale,

Would you mind trying the version I just pointed you at? I tried this on
2.1.0.1 and it worked.

[gold at kahuna ~]$ goldsh RoleUser Query Role==ProjectAdmin
Role         Name
------------ ----
ProjectAdmin ANY

[gold at kahuna gold]$ goldsh RoleAction Query Role==ProjectAdmin
Role         Object      Name Instance
------------ ----------- ---- --------
ProjectAdmin Project     ANY  ADMIN
ProjectAdmin ProjectUser ANY  ADMIN

[gold at kahuna gold]$ goldsh ProjectUser Query Admin==True
Project   Name    Active Admin
--------- ------- ------ -----
chemistry scottmo True   True

[scottmo at kahuna gold]$ gchproject -d blablabla1 chemistry
Successfully modified 1 Projects

[jacksond at kahuna ~]$ gchproject -d blablabla2 chemistry
jacksond is not authorized to perform this function (Project Modify)

Thanks,

Scott

On Mon, 2006-11-20 at 18:07 +0100, Alessandro Federico wrote:
> Scott,
> 
> with gold 2.1.0 I have tried the patches you descibed below
> but the problem still remain...
> 
> Regards,
> Ale
> 
> Scott Jackson wrote:
> > Alessandro,
> > 
> > This is due to a bug in Cache.pm in the associationLookup routine.
> > 
> > Here is the relevant diff:
> > 
> > 525c527
> > <       return $objectNode->getAttribute("Name");
> > ---
> >>       return $objectNode->nodeName();
> > 
> > Let me know if this does not work for you.
> > 
> > After making this change, you will find that the admin still cannot
> > successfully use an admin role to add users to his project.
> > 
> > This has been correct by a fix to Proxy.pm in the authorize routine. I
> > think your best bet is to use the attached file, but I will include the
> > diff if you want to do it manually.
> > 
> > 1104,1121c1104,1105
> > <           # This is an association
> > <           if ($association)
> > <           {
> > <             # Check if there is a ${parent}User assoc for which $actor
> > is member
> > <             my  $membership = Gold::Cache->associationLookup($parent,
> > "User");<     $log->debug("Membership = $membership");
> > <
> > <             if (defined $membership)
> > <             {
> > <               my $results = $self->{_database}->select(object =>
> > $membership, selections => [ new Gold::Selection(name => "Admin") ],
> > conditions => [ new Gold::Condition(name => $parent, value =>
> > $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
> > chunkNum => 0);
> > <               if (defined ${$results->{data}}[0]->[0] &&
> > ${$results->{data}}[0]->[0] eq "True")
> > <               {
> > <                 next OBJECT;
> > <               }
> > <             }
> > <           }
> > <           # This is not an association
> > <           else
> > ---
> >>           my $membership = Gold::Cache->associationLookup($name,
> > "User");
> >>           if (defined $membership)
> > 1123,1125c1107,1108
> > <             # Check if there is a ${name}User assoc for which $actor
> > is member<             my $membership =
> > Gold::Cache->associationLookup($name, "User");
> > <             if (defined $membership)
> > ---
> >>             my $results = $self->{_database}->select(object =>
> > $membership, selections => [ new Gold::Selection(name => "Admin") ],
> > conditions => [ new Gold::Condition(name => $name, value =>
> > $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
> > chunkNum => 0);
> >>             if (defined ${$results->{data}}[0]->[0] &&
> > ${$results->{data}}[0]->[0] eq "True")
> > 1127,1131c1110
> > <               my $results = $self->{_database}->select(object =>
> > $membership, selections => [ new Gold::Selection(name => "Admin") ],
> > conditions => [ new Gold::Condition(name => $name, value =>
> > $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
> > chunkNum => 0);
> > <               if (defined ${$results->{data}}[0]->[0] &&
> > ${$results->{data}}[0]->[0] eq "True")
> > <               {
> > <                 next OBJECT;
> > <               }
> > ---
> >>               next OBJECT;
> > 
> > That should get it to work for the use case cited above with the proper
> > Role, RoleUser and RoleAction lines in place. As you have noticed, the
> > ADMIN Role Instance type has not been exercized much and is not well
> > developed, however, I think it is likely that between the two of us, we
> > can get it working for some simple cases like allowing project admins to
> > add and delete users, etc (Hopefully these two changes will enable that
> > much).
> > 
> > I'm sorry about your problems and I apologize for losing track of your
> > email. I happened to find it in a search on bounced emails. If you are
> > inclined to do so, please subscribe to the gold-users mailing list so
> > your posts don't get bounced.
> > http://www.supercluster.org/mailman/subscribe/gold-users
> > 
> > I hope this helps. Email me directly if you want to continue with this
> > problem if any issues arise.
> > 
> > Thanks,
> > 
> > Scott
> > 
> > 
> > p.s. I can also generate you an updated gold tarball if you would rather
> > just do a full upgrade.
> > 
> > On Tue, 2006-05-30 at 18:27 +0200, Alessandro Federico wrote:
> >> hi!
> >>
> >> with gold-2.0.0.7 i have the following configuration:
> >>
> >> gold at cmslab03:~> goldsh RoleUser Query Role==ProjectAdmin
> >> Role         Name
> >> ------------ --------
> >> ProjectAdmin afederic
> >>
> >> gold at cmslab03:~> goldsh ProjectUser Query Admin==True
> >> Project Name     Active Admin
> >> ------- -------- ------ -----
> >> biology afederic True   True
> >>
> >> when I try to make a change to the biology project
> >> as user afederic, i get the folowing error:
> >>
> >> [afederic at cmslab03 ~]# gchproject -d blablabla biology
> >> DBD::Pg::st execute failed: ERROR:  column "g_admin" does not exist
> >>
> >> Looking at the server log file I have found that the wrong
> >> query is:
> >>
> >> SELECT g_admin FROM g_object WHERE ( g_project='biology' AND
> >> g_name='afederic' ) AND g_deleted!='True';
> >>
> >> For some mistake this SELECT is done on the g_object table
> >> instead of the g_project_user table.
> >>
> >> Does anybody know how to correct this bug?
> >>
> >> thanks
> >>
> >> ale
> >>
> 



More information about the gold-users mailing list