On 13.03.2013, at 10:38, Felix Meschberger <fmesc...@adobe.com> wrote:
> I think that's the start of my thread: Don't use ResourceProviderDecorator or
> some other non-mandatory thing to implement access control. Access control
> should be intrinsic to the ResourceProvider and the ResourceProvider should
> either leverage the underlying store (as the JCR ResourceProvider) or use a
> central service which Mike is now going after.

And if you have an existing ResourceProvider such as the file system one that you want to enhance with an ACL mechanism, you:

- build a new resource provider, e.g. AclFSResourceProvider
- that wraps the existing one (fs provider)
- uses the new separate acl service ResourceAccessSecurity

That should work, right? A wrapper can do the ACL checks and decide whether to return something or null, or wrap modifiable resources with an ACL check or not.

Cheers,
Alex
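The wrapping approach described in the message above, sketched as an added example that is not part of the original thread or of Sling's code. The types `Resource`, `ModifiableResource`, `ResourceProvider` and `AclService` are simplified stand-ins assumed for illustration (not the Sling API); `AclService` plays the role of the separate ACL service, and the users and path are constructed sample data.

```java
import java.util.Objects;

// Simplified stand-ins (assumptions for this example), not the Sling API types.
interface Resource { String getPath(); }
interface ModifiableResource extends Resource { void write(String data); }
interface ResourceProvider { Resource getResource(String user, String path); }
interface AclService { boolean permits(String user, String path, boolean write); }

/** Wraps an existing provider; every lookup goes through the ACL service. */
final class AclResourceProvider implements ResourceProvider {
    private final ResourceProvider delegate;
    private final AclService acl;
    AclResourceProvider(ResourceProvider delegate, AclService acl) {
        this.delegate = Objects.requireNonNull(delegate);
        this.acl = Objects.requireNonNull(acl); // refuse to run without an ACL service
    }
    @Override public Resource getResource(String user, String path) {
        Resource r = delegate.getResource(user, path);
        // Check the path the delegate resolved; a denied resource looks like a missing one.
        if (r == null || !acl.permits(user, r.getPath(), false)) return null;
        return (r instanceof ModifiableResource) ? new Guarded((ModifiableResource) r, user) : r;
    }
    /** Re-checks write permission on every write, not only at lookup time. */
    private final class Guarded implements ModifiableResource {
        private final ModifiableResource inner;
        private final String user;
        Guarded(ModifiableResource inner, String user) { this.inner = inner; this.user = user; }
        @Override public String getPath() { return inner.getPath(); }
        @Override public void write(String data) {
            if (!acl.permits(user, inner.getPath(), true))
                throw new SecurityException("write denied: " + inner.getPath());
            inner.write(data);
        }
    }
}

public class AclWrapperDemo {
    public static void main(String[] args) {
        // Constructed sample data: one in-memory resource and a three-user policy.
        ModifiableResource doc = new ModifiableResource() {
            public String getPath() { return "/content/doc"; }
            public void write(String d) { System.out.println("stored " + d); }
        };
        AclService acl = (user, path, write) -> user.equals("admin") || (!write && user.equals("author"));
        ResourceProvider secured = new AclResourceProvider((u, p) -> p.equals("/content/doc") ? doc : null, acl);
        System.out.println(secured.getResource("anonymous", "/content/doc"));
        ((ModifiableResource) secured.getResource("admin", "/content/doc")).write("v2");
    }
}
```

Because callers only ever hold the `AclResourceProvider`, there is no code path to the wrapped provider that skips the check, which is the property the quoted objection to an optional decorator is about.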