On Mon, Feb 23, 2009 at 3:14 PM, Vidar Ramdal <vi...@idium.no> wrote: > Hmmm. IMHO, the client is already defining the resource type (by > posting the sling:resourceType field). > Remember that I'm only talking about content that is being created. > When the client is posting new content (that the server doesn't > already know), I'd say the client knows more about the resource type > than the server does.
Ok, I have to admit that the creation of the content is a special case: creating a new resource via the sling post servlet and specifying the resourceType as part of the content is actually the same as allowing a resourceType parameter for the nonexisting case in general. But only if this is only possible with write-permissions on that path. An anonymous user with read-access only must not be able to select the resource type in the request. With the JCR ACLs in the background, this constraint is already easily achieved. Regards, Alex -- Alexander Klimetschek alexander.klimetsc...@day.com