[
https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13003921#comment-13003921
]
Thomas Mueller commented on JCR-2910:
-------------------------------------
It's a security issue. Only admin users are allowed to backup the repository,
or change the configuration using the GUI. I expect to use this method in quite
a few places. Creating a utility method is possible of course, but it would
just make things more complicated.
> something like session.checkPermission("/", "admin")
Which would be very ugly, don't you agree? SessionImpl.isAdmin() is already
implemented, why make things more complicated than really necessary?
If you like complicated, please explain *why*.
> Please add JackrabbitSession.isAdmin
> ------------------------------------
>
> Key: JCR-2910
> URL: https://issues.apache.org/jira/browse/JCR-2910
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Reporter: Thomas Mueller
> Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation
> is problematic for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession
> interface, so the code above would be:
> ((JackrabbitSession) session).isAdmin()
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
