On Tue, Jul 6, 2010 at 12:24, Ian Boston <[email protected]> wrote: > > > > On 6 Jul 2010, at 10:15, Alexander Klimetschek wrote: > >> On Tue, Jul 6, 2010 at 11:13, Alexander Klimetschek <[email protected]> wrote: >>> On Tue, Jul 6, 2010 at 10:21, Ian Boston <[email protected]> wrote: >>>> A follow up on this, low level permissions wont work since they cant >>>> discriminate between list children and get child. >>> >>> Rereading your original mail now, I note that I didn't see that you >>> still want the sub nodes to be accessible. Then my answer is no >>> solution, of course ;-) >> >> Actually principal-based access controls make my suggestion simpler to >> setup, especially the second point: > > > We still have the list all children problem here.
No. If userX has read/write access to /_user/ieb but not to /_user/a, /_user/b and all the other subnodes of /_user then node.getNodes() will only return /_user/ieb. > The data protection policy that is driving this is that, we have 50K users, > all with user ID's we have to prevent anyone from getting a list of the user > ID's, but still allow someone who knows the user ID to access the content. > Its the same as the UserDir module in Apache httpd ie /~ieb Regards, Alex -- Alexander Klimetschek [email protected]
