[gold-users] Re: column "g_admin" does not exist

Alessandro Federico alessandro.federico at caspur.it
Tue Nov 21 02:49:59 MST 2006


Scott,

thank you very much, it's ok with the new version.

Regards,
Ale

Scott Jackson wrote:
> Ale,
> 
> Would you mind trying the version I just pointed you at? I tried this on
> 2.1.0.1 and it worked.
> 
> [gold at kahuna ~]$ goldsh RoleUser Query Role==ProjectAdmin
> Role         Name
> ------------ ----
> ProjectAdmin ANY
> 
> [gold at kahuna gold]$ goldsh RoleAction Query Role==ProjectAdmin
> Role         Object      Name Instance
> ------------ ----------- ---- --------
> ProjectAdmin Project     ANY  ADMIN
> ProjectAdmin ProjectUser ANY  ADMIN
> 
> [gold at kahuna gold]$ goldsh ProjectUser Query Admin==True
> Project   Name    Active Admin
> --------- ------- ------ -----
> chemistry scottmo True   True
> 
> [scottmo at kahuna gold]$ gchproject -d blablabla1 chemistry
> Successfully modified 1 Projects
> 
> [jacksond at kahuna ~]$ gchproject -d blablabla2 chemistry
> jacksond is not authorized to perform this function (Project Modify)
> 
> Thanks,
> 
> Scott
> 
> On Mon, 2006-11-20 at 18:07 +0100, Alessandro Federico wrote:
>> Scott,
>>
>> with gold 2.1.0 I have tried the patches you descibed below
>> but the problem still remain...
>>
>> Regards,
>> Ale
>>
>> Scott Jackson wrote:
>>> Alessandro,
>>>
>>> This is due to a bug in Cache.pm in the associationLookup routine.
>>>
>>> Here is the relevant diff:
>>>
>>> 525c527
>>> <       return $objectNode->getAttribute("Name");
>>> ---
>>>>       return $objectNode->nodeName();
>>> Let me know if this does not work for you.
>>>
>>> After making this change, you will find that the admin still cannot
>>> successfully use an admin role to add users to his project.
>>>
>>> This has been correct by a fix to Proxy.pm in the authorize routine. I
>>> think your best bet is to use the attached file, but I will include the
>>> diff if you want to do it manually.
>>>
>>> 1104,1121c1104,1105
>>> <           # This is an association
>>> <           if ($association)
>>> <           {
>>> <             # Check if there is a ${parent}User assoc for which $actor
>>> is member
>>> <             my  $membership = Gold::Cache->associationLookup($parent,
>>> "User");<     $log->debug("Membership = $membership");
>>> <
>>> <             if (defined $membership)
>>> <             {
>>> <               my $results = $self->{_database}->select(object =>
>>> $membership, selections => [ new Gold::Selection(name => "Admin") ],
>>> conditions => [ new Gold::Condition(name => $parent, value =>
>>> $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
>>> chunkNum => 0);
>>> <               if (defined ${$results->{data}}[0]->[0] &&
>>> ${$results->{data}}[0]->[0] eq "True")
>>> <               {
>>> <                 next OBJECT;
>>> <               }
>>> <             }
>>> <           }
>>> <           # This is not an association
>>> <           else
>>> ---
>>>>           my $membership = Gold::Cache->associationLookup($name,
>>> "User");
>>>>           if (defined $membership)
>>> 1123,1125c1107,1108
>>> <             # Check if there is a ${name}User assoc for which $actor
>>> is member<             my $membership =
>>> Gold::Cache->associationLookup($name, "User");
>>> <             if (defined $membership)
>>> ---
>>>>             my $results = $self->{_database}->select(object =>
>>> $membership, selections => [ new Gold::Selection(name => "Admin") ],
>>> conditions => [ new Gold::Condition(name => $name, value =>
>>> $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
>>> chunkNum => 0);
>>>>             if (defined ${$results->{data}}[0]->[0] &&
>>> ${$results->{data}}[0]->[0] eq "True")
>>> 1127,1131c1110
>>> <               my $results = $self->{_database}->select(object =>
>>> $membership, selections => [ new Gold::Selection(name => "Admin") ],
>>> conditions => [ new Gold::Condition(name => $name, value =>
>>> $instanceCond), new Gold::Condition(name => "Name", value => $actor) ],
>>> chunkNum => 0);
>>> <               if (defined ${$results->{data}}[0]->[0] &&
>>> ${$results->{data}}[0]->[0] eq "True")
>>> <               {
>>> <                 next OBJECT;
>>> <               }
>>> ---
>>>>               next OBJECT;
>>> That should get it to work for the use case cited above with the proper
>>> Role, RoleUser and RoleAction lines in place. As you have noticed, the
>>> ADMIN Role Instance type has not been exercized much and is not well
>>> developed, however, I think it is likely that between the two of us, we
>>> can get it working for some simple cases like allowing project admins to
>>> add and delete users, etc (Hopefully these two changes will enable that
>>> much).
>>>
>>> I'm sorry about your problems and I apologize for losing track of your
>>> email. I happened to find it in a search on bounced emails. If you are
>>> inclined to do so, please subscribe to the gold-users mailing list so
>>> your posts don't get bounced.
>>> http://www.supercluster.org/mailman/subscribe/gold-users
>>>
>>> I hope this helps. Email me directly if you want to continue with this
>>> problem if any issues arise.
>>>
>>> Thanks,
>>>
>>> Scott
>>>
>>>
>>> p.s. I can also generate you an updated gold tarball if you would rather
>>> just do a full upgrade.
>>>
>>> On Tue, 2006-05-30 at 18:27 +0200, Alessandro Federico wrote:
>>>> hi!
>>>>
>>>> with gold-2.0.0.7 i have the following configuration:
>>>>
>>>> gold at cmslab03:~> goldsh RoleUser Query Role==ProjectAdmin
>>>> Role         Name
>>>> ------------ --------
>>>> ProjectAdmin afederic
>>>>
>>>> gold at cmslab03:~> goldsh ProjectUser Query Admin==True
>>>> Project Name     Active Admin
>>>> ------- -------- ------ -----
>>>> biology afederic True   True
>>>>
>>>> when I try to make a change to the biology project
>>>> as user afederic, i get the folowing error:
>>>>
>>>> [afederic at cmslab03 ~]# gchproject -d blablabla biology
>>>> DBD::Pg::st execute failed: ERROR:  column "g_admin" does not exist
>>>>
>>>> Looking at the server log file I have found that the wrong
>>>> query is:
>>>>
>>>> SELECT g_admin FROM g_object WHERE ( g_project='biology' AND
>>>> g_name='afederic' ) AND g_deleted!='True';
>>>>
>>>> For some mistake this SELECT is done on the g_object table
>>>> instead of the g_project_user table.
>>>>
>>>> Does anybody know how to correct this bug?
>>>>
>>>> thanks
>>>>
>>>> ale
>>>>
> 

-- 
 Alessandro Federico
 CASPUR     http://www.caspur.it/
 e-mail:    alessandro.federico at caspur.it
 phone:     +39 06 44486708
 fax:       +39 06 4957083
------------------------------------------
 Military intelligence is a contradiction
 in terms.                 (Groucho Marx)
------------------------------------------


More information about the gold-users mailing list