[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] XACML Studio: problem with deleting policies
You need to have admin permissions to delete. There is a property in development/production.rb that is called: XS_Config.super_users = ['user_name'] It's actually a list of all admin users. Add there all users that need write/change/delete access. Hope it helps. Oleg. ----- Original Message ---- From: Bernard Butler <bbutler@tssg.org> To: xacml-users@lists.oasis-open.org Sent: Fri, March 5, 2010 3:11:29 PM Subject: [xacml-users] XACML Studio: problem with deleting policies Hi, When working in XACML Studio, I tried to delete some obsolete policies only to get the following message: FAILED TO DELETE: Not Authorized I searched for that text and the alert is raised in XS_ROOT/public/xs/scripts/util.js. It seems to send an Ajax request as follows: var request = Ext.Ajax.request({ url: path, node: node, params: {_method:'delete', authenticity_token: '08a615abb8ef5bf86adddf9c92394bceda2b2a9c'}, success: function(resp,opt){XSU.deleteNode(opt['node']);}, failure: function(resp,opt){alert("FAILED TO DELETE: "+resp.responseText);} }); The authenticity_token looks suspicious because it is a hardcoded value. Sometimes such tokens come from cookies, but there is no attempt made by the code to read any cookie value. I tried putting in the value of the session cookie created when I logged in earlier, but it didn't work. I would welcome any advice on how to overcome this problem. Thanks, Bernard --------------------------------------------------------------------- To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org For additional commands, e-mail: xacml-users-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]