On 2 Jul 2010, at 13:00, Ian Boston wrote:

> 
> On 2 Jul 2010, at 11:58, Alexander Klimetschek wrote:
> 
>>> 
>>> I have a feeling this is just not possible in JCR2 at the AccessManager
>>> level since it can't distinguish between a direct request and a listing
>>> request, can you confirm?
>> 
>> Conceptually there is no "listing request". When you list sub nodes,
>> you get all nodes that you have access to. Thus there is a single
>> "jcr:read" permission which means access to this node and its
>> properties.
> 
> 
> Ok, thanks for your help
> Ian
> 


A follow-up on this: low-level permissions won't work since they can't
discriminate between list children and get child.

I have done a filter that prevents HTTP access to nodes by a property on that
node. It's ugly, but works as required, but that leads me to 2 thoughts.

1. In the WebDav area:

We could modify the webdav servlet to allow other bundles to provide an 
implementation of SlingResourceConfig or ItemFilter in the Sling webdav bundle 
or some other service implementation to provide filtering of webdav. 

2. In the default Sling servlet a node property could be used to deny listing 
of the children of a node. 


WDYT?
Is it worth looking at 2 separate patches or would they be a non-starter for
Sling?

Ian

