Hi, Am 23.11.2011 um 14:01 schrieb Bertrand Delacretaz:
> On Wed, Nov 23, 2011 at 9:41 AM, Felix Meschberger <[email protected]> wrote: >> ...I suggest, we extend the Resource API as follows: >> >> boolean ResourceResolver.hasPermission(String absPath, String action); >> boolean ResourceProvider.hasPermission(String absPath, String action); >> >> ... >> In addition, we would define a set of actions use full in terms of Sling: >> cread, read, update , delete (aka CRUD) plus (maybe) execute (for calling >> scripts and servlets).... > > This sounds a lot like reinventing JCR...why not use the existing JCR > AccessControlManager API then? Absolutely not. This is just a single method (which is similar to Session.checkPermission). This is far away from JCR's AccessControlManager, which I explicitly don't want to duplicate. I want to keep it simple and in the context of Sling. Regards Felix > See [1] and [2]. > > That API is only about String paths AFAICS, it defines a number of > standard privilege names and allows for additional privilege names - > so a non-JCR ResourceProvider could very well use it IMO. > > I haven't looked at all the details but we can probably just define a > new AccessControlManagerProvider API, that returns a JCR > AccessControlManager, and the ResourceResolver would use it for > ResourceProviders that implement it. > > -Bertrand > > [1] > http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/AccessControlManager.html > > [2] http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html
