[gold-users] Re: column "g_admin" does not exist
Scott Jackson
scott at clusterresources.com
Mon Nov 20 18:15:32 MST 2006
Ale,
Would you mind trying the version I just pointed you at? I tried this on
2.1.0.1 and it worked.
[gold at kahuna ~]$ goldsh RoleUser Query Role==ProjectAdmin
Role Name
------------ ----
ProjectAdmin ANY
[gold at kahuna gold]$ goldsh RoleAction Query Role==ProjectAdmin
Role Object Name Instance
------------ ----------- ---- --------
ProjectAdmin Project ANY ADMIN
ProjectAdmin ProjectUser ANY ADMIN
[gold at kahuna gold]$ goldsh ProjectUser Query Admin==True
Project Name Active Admin
--------- ------- ------ -----
chemistry scottmo True True
[scottmo at kahuna gold]$ gchproject -d blablabla1 chemistry
Successfully modified 1 Projects
[jacksond at kahuna ~]$ gchproject -d blablabla2 chemistry
jacksond is not authorized to perform this function (Project Modify)
Thanks,
Scott
On Mon, 2006-11-20 at 18:07 +0100, Alessandro Federico wrote:
> Scott,
>
> with gold 2.1.0 I have tried the patches you descibed below
> but the problem still remain...
>
> Regards,
> Ale
>
> Scott Jackson wrote:
> > Alessandro,
> >
> > This is due to a bug in Cache.pm in the associationLookup routine.
> >
> > Here is the relevant diff:
> >
> > 525c527
> > < return $objectNode->getAttribute("Name");
> > ---
> >> return $objectNode->nodeName();
> >
> > Let me know if this does not work for you.
> >
> > After making this change, you will find that the admin still cannot
> > successfully use an admin role to add users to his project.
> >
> > This has been correct by a fix to Proxy.pm in the authorize routine. I
> > think your best bet is to use the attached file, but I will include the
> > diff if you want to do it manually.
> >
> > 1104,1121c1104,1105
> > < # This is an association
> > < if ($association)
> > < {
> > < # Check if there is a ${parent}User assoc for which $actor
> > is member
> > < my $membership = Gold::Cache->associationLookup($parent,
> > "User");< $log->debug("Membership = $membership");
> > <
> > < if (defined $membership)
> > < {
> > < my $results = $self->{_database}->select(object =>
> > $membership, selections => [ new Gold::Selection(name => "Admin") ],
> > conditions => [ new Gold::Condition(name => $parent, value =>
> > $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
> > chunkNum => 0);
> > < if (defined ${$results->{data}}[0]->[0] &&
> > ${$results->{data}}[0]->[0] eq "True")
> > < {
> > < next OBJECT;
> > < }
> > < }
> > < }
> > < # This is not an association
> > < else
> > ---
> >> my $membership = Gold::Cache->associationLookup($name,
> > "User");
> >> if (defined $membership)
> > 1123,1125c1107,1108
> > < # Check if there is a ${name}User assoc for which $actor
> > is member< my $membership =
> > Gold::Cache->associationLookup($name, "User");
> > < if (defined $membership)
> > ---
> >> my $results = $self->{_database}->select(object =>
> > $membership, selections => [ new Gold::Selection(name => "Admin") ],
> > conditions => [ new Gold::Condition(name => $name, value =>
> > $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
> > chunkNum => 0);
> >> if (defined ${$results->{data}}[0]->[0] &&
> > ${$results->{data}}[0]->[0] eq "True")
> > 1127,1131c1110
> > < my $results = $self->{_database}->select(object =>
> > $membership, selections => [ new Gold::Selection(name => "Admin") ],
> > conditions => [ new Gold::Condition(name => $name, value =>
> > $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
> > chunkNum => 0);
> > < if (defined ${$results->{data}}[0]->[0] &&
> > ${$results->{data}}[0]->[0] eq "True")
> > < {
> > < next OBJECT;
> > < }
> > ---
> >> next OBJECT;
> >
> > That should get it to work for the use case cited above with the proper
> > Role, RoleUser and RoleAction lines in place. As you have noticed, the
> > ADMIN Role Instance type has not been exercized much and is not well
> > developed, however, I think it is likely that between the two of us, we
> > can get it working for some simple cases like allowing project admins to
> > add and delete users, etc (Hopefully these two changes will enable that
> > much).
> >
> > I'm sorry about your problems and I apologize for losing track of your
> > email. I happened to find it in a search on bounced emails. If you are
> > inclined to do so, please subscribe to the gold-users mailing list so
> > your posts don't get bounced.
> > http://www.supercluster.org/mailman/subscribe/gold-users
> >
> > I hope this helps. Email me directly if you want to continue with this
> > problem if any issues arise.
> >
> > Thanks,
> >
> > Scott
> >
> >
> > p.s. I can also generate you an updated gold tarball if you would rather
> > just do a full upgrade.
> >
> > On Tue, 2006-05-30 at 18:27 +0200, Alessandro Federico wrote:
> >> hi!
> >>
> >> with gold-2.0.0.7 i have the following configuration:
> >>
> >> gold at cmslab03:~> goldsh RoleUser Query Role==ProjectAdmin
> >> Role Name
> >> ------------ --------
> >> ProjectAdmin afederic
> >>
> >> gold at cmslab03:~> goldsh ProjectUser Query Admin==True
> >> Project Name Active Admin
> >> ------- -------- ------ -----
> >> biology afederic True True
> >>
> >> when I try to make a change to the biology project
> >> as user afederic, i get the folowing error:
> >>
> >> [afederic at cmslab03 ~]# gchproject -d blablabla biology
> >> DBD::Pg::st execute failed: ERROR: column "g_admin" does not exist
> >>
> >> Looking at the server log file I have found that the wrong
> >> query is:
> >>
> >> SELECT g_admin FROM g_object WHERE ( g_project='biology' AND
> >> g_name='afederic' ) AND g_deleted!='True';
> >>
> >> For some mistake this SELECT is done on the g_object table
> >> instead of the g_project_user table.
> >>
> >> Does anybody know how to correct this bug?
> >>
> >> thanks
> >>
> >> ale
> >>
>
More information about the gold-users
mailing list