On Wed, Jul 7, 2010 at 14:46, Ian Boston <[email protected]> wrote: >> 1) the public part would be some subdirectory of the user node, ie. >> /_user/<userid>/public_html; then with a principal-based ACL like >> "read anon /_user/*/public_html" it should be accessible to the >> public; a special filter would then do the redirect from "~<userid>" >> URLs to the internal /_user/<userid>/public_html path > > > Unfortunately IIRC the resource resolver in Sling requires read to all the > parent nodes back to the root node. > I will check that again.
Ok, that should be fixed then. If this works in JCR, it should work in Sling, too. But I am not sure if it really works in JCR... might be that you need access to all the ancestor nodes there as well. If it works, then only with the principal-based ACLs, as the resource-based ACL evaluation stops at a deny on a parent node. >> 2) separate the user private and public trees completely, ie. for the >> public part have something like /content /users/<userid> > > > That would allow listing of all the users. Ah, right, now I am finally getting to the point of this discussion ;-). In this case I would give the /content/users node an explicit resource type and override all the default get servlets from sling that allow listing of that resource in json, xml, webdav etc. to prevent that. Which is more or less what was suggest before, I guess :) Regards, Alex -- Alexander Klimetschek [email protected]
