Inline:
Sent from my iPhone
On 6 Jul 2010, at 17:37, Alexander Klimetschek <[email protected]> wrote:
On Tue, Jul 6, 2010 at 17:35, Ian Boston <[email protected]> wrote:
Yes, I am not explaining myself clearly. Sorry.
/_user/aaa is jcr:read anon
...
/_user/ieb is jcr:read anon
...
/_user/zzz is jcr:read anon
but when I do
users.getNodes(); I want to see a list size 0 not a list size n.
Its the entire list that must be protected.
If I know the ID (aaa,ieb,zzz) I should be able to access it.
Then you should login with the ID into the repository, ie. have them
as users, because that's what they are.
If i do that, how will i differentiate between anon users and the real
user who is granted wider access in their own subtree?
Ie /_user/ieb/private is
denied jcr:read anon
granted jcr:all ieb
/_user/ieb/private has a child node subtree
And
/_user/ieb is
granted jcr:read anon
granted jcr:all ieb
/_user/ieb has a child node subtree
Ian
Then you can easily set ACLs
for those paths. Doing this based on anonymous + filter servlets would
just be another ACL system on top of an existing one.
If I know every singe ID, I should be able to access every URL, but
I should not be able to discover all the IDs from the system.
The ID's are Student IDs and under the Data Protection Act as
interpreted by the University of Cambridge IDs are not listable by
anyone, IIUC this is part of the privacy policy of the University.
In the US the regulation is FERPA [1] and its interpretation by
the institution.
1 http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act
Regards,
Alex
--
Alexander Klimetschek
[email protected]
