Hi,

See below for a few comments about the recently added ResourceAccessSecurity.

IMO these show that this API will still evolve, which makes me think that this belongs in the whiteboard for now - maybe using a forked sling.api bundle if that's easier.

-Bertrand

Notes on ResourceAccessSecurity:

1) The javadoc says "* - Expected to only be implemented once in the framework/application...", I'm not sure about that. If you have both a filesystem and an HBase resource provider, they might use very different implementations?

2) Notes as comments in the interface:

public interface ResourceAccessSecurity {

    // Calling that canRead would be more consistent with other names
    public Resource checkReadPermission( Resource resource );

    // Having to extract username as a String feels a bit funny - maybe
    // you need an opaque ResourceCredentials object that the ResourceResolver can provide
    // based on a Request or Resource, similar to JCR Sessions.
    public boolean canCreate( String absPathName, String user );

    public boolean canUpdate( Resource resource );
    public boolean canDelete( Resource resource );
    public boolean canExecute( Resource resource );

    public boolean canReadValue( Resource resource, String valueName );

    // Do we need both canCreate and canUpdate? To use canCreate you first need
    // to find out that the value doesn't exist, feels a bit weird. Maybe canSetValue
    // can cover both cases, by first checking if the value exists
    public boolean canCreateValue( Resource resource, String valueName );
    public boolean canUpdateValue( Resource resource, String valueName );
    public boolean canDeleteValue( Resource resource, String valueName );

    // Does that rather belong to a QuerySecurity interface, what's the use case?
    // Also, user vs. ResourceCredentials as above
    public String sanitizeQuery( String query, String language, String user )
        throws AccessSecurityException;
}
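The following sketch is an added illustration of two of the points raised above (an opaque credentials object instead of a user name String, and a single canSetValue check that folds create and update together). It is not code from the Sling project or from the email's author: the ResourceCredentials, Resource, Resolver and PrivilegeBased classes, the privilege names and the user-to-privilege mapping are all assumptions made up for the example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Illustrative sketch, not Sling code: an access-security API whose checks take an
// opaque ResourceCredentials object minted by the resolver rather than a String user,
// plus a canSetValue() that decides between the create and update checks by first
// testing whether the value already exists.
public class AccessSecuritySketch {

    // Opaque credentials. The constructor is package-private, so only the resolver in
    // this package can create one; a caller cannot forge an identity by passing a String.
    public static final class ResourceCredentials {
        private final String principal;
        private final Set<String> privileges;   // assumed names: "read", "create", "update"

        ResourceCredentials(String principal, Set<String> privileges) {
            this.principal = principal;
            this.privileges = privileges;
        }

        public String principal() { return principal; }
        boolean has(String privilege) { return privileges.contains(privilege); }
    }

    // Minimal stand-in for a Resource: a path and its property values.
    public static final class Resource {
        final String path;
        final Map<String, Object> values = new HashMap<>();
        Resource(String path) { this.path = path; }
    }

    public interface ResourceAccessSecurity {
        boolean canRead(Resource resource, ResourceCredentials creds);
        boolean canCreateValue(Resource resource, String valueName, ResourceCredentials creds);
        boolean canUpdateValue(Resource resource, String valueName, ResourceCredentials creds);

        // Combined check: a value that does not exist yet needs the create privilege,
        // an existing one needs the update privilege. Callers no longer have to probe
        // for existence themselves before choosing which check to call.
        default boolean canSetValue(Resource resource, String valueName, ResourceCredentials creds) {
            return resource.values.containsKey(valueName)
                    ? canUpdateValue(resource, valueName, creds)
                    : canCreateValue(resource, valueName, creds);
        }
    }

    // A trivial privilege-set implementation, just to exercise the interface.
    public static final class PrivilegeBased implements ResourceAccessSecurity {
        public boolean canRead(Resource r, ResourceCredentials c) { return c.has("read"); }
        public boolean canCreateValue(Resource r, String v, ResourceCredentials c) { return c.has("create"); }
        public boolean canUpdateValue(Resource r, String v, ResourceCredentials c) { return c.has("update"); }
    }

    // Stand-in for the ResourceResolver: the only place credentials are created,
    // from whatever authenticated session the resolver was opened with.
    public static final class Resolver {
        public ResourceCredentials credentialsFor(String authenticatedUser) {
            // Assumed mapping for the example: "editor" may read and update but not
            // create new values; anyone else is read-only.
            if ("editor".equals(authenticatedUser)) {
                return new ResourceCredentials(authenticatedUser, Set.of("read", "update"));
            }
            return new ResourceCredentials(authenticatedUser, Set.of("read"));
        }
    }

    public static void main(String[] args) {
        ResourceAccessSecurity security = new PrivilegeBased();
        ResourceCredentials editor = new Resolver().credentialsFor("editor");
        Resource page = new Resource("/content/page");   // constructed sample resource

        // "title" does not exist yet, so canSetValue routes to the create check: denied.
        System.out.println("set new title:      " + security.canSetValue(page, "title", editor));

        page.values.put("title", "Hello");
        // Now "title" exists, so canSetValue routes to the update check: allowed.
        System.out.println("set existing title: " + security.canSetValue(page, "title", editor));
        System.out.println("read:               " + security.canRead(page, editor));
    }
}
```

Running main() prints false for the first canSetValue call and true for the second, which is the behaviour the combined check is meant to give: the same call site is correct whether or not the value exists, and the only way to obtain the credentials passed in is through the resolver.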