Hi, I would like to cut some releases shortly, especially a new API, resourceresolver and jcr resource release.
I think, this is the only item blocking this. From the api pov, I guess only the definition of the resource provider property is missing which controls whether the RAS should be applied. How about the implementation? Regards Carsten 2013/3/27 Mike Müller <mike...@mysign.ch> > +1 > > > -----Original Message----- > > From: Bertrand Delacretaz [mailto:bdelacre...@apache.org] > > Sent: Wednesday, March 27, 2013 5:53 PM > > To: dev@sling.apache.org > > Subject: Re: Feedback on the current ResourceAccessSecurity API > > > > On Wed, Mar 27, 2013 at 5:48 PM, Carsten Ziegeler <cziege...@apache.org> > > wrote: > > > ...What about a neutral name? It's up to the implementation whether it > > > optimizes or sanitizes - transformQuery maybe?... > > > > Works for me, suggested javadoc: > > > > ** > > Allows the ResourceProvider to transform the query based on the > > current user's credentials. Can be used to narrow down queries to omit > > results that the current user is not allowed to see anyway, speeding > > up downstream access control. > > > > Query transformations are not critical w.r.t access control as results > > are checked using the canRead.. methods anyway. > > *** > > > > -Bertrand > -- Carsten Ziegeler cziege...@apache.org
