Hi Alex, thanks for your fast replies. I also thought about the solutions u suggest. Storing our rules by path results in a refactoring overhead when a node is renamed. That was the reason why we want to take the node id instead of its path. Your 2. suggestion should work and I think I will implement it like this but that results in an extra permission check _before_ we call save on the node. That is not nice because u can also remove the node without that check, means the permission check is not forced for each node removal. But I think that is ok for our app. We always have to go over our self defined remove method with the extra permission check.
I think the behaviour in the AccessManager is a little bit strange because u can not always obtain the whole information of a removed node. The path of the node is not always sufficient. But thanks for your answers. Regards, Sascha -----Ursprüngliche Nachricht----- Von: Alexander Klimetschek [mailto:[email protected]] Gesendet: Montag, 16. August 2010 20:30 An: [email protected] Betreff: Re: How to retrieve the node id in AccessManager of a removed node On Mon, Aug 16, 2010 at 19:03, <[email protected]> wrote: > Hi, > > our permissions are defined in a separate db scheme with its own database > tables. In these tables we reference only the node id of the JCR nodes on > which we have defined some own permissions because that id is unique and is > not changed when the node is renamed. When the user removes a node we want to > check the permission tables if the user is allowed to do so. Therefore we > need the uuid of the node that is being deleted to check the permissions > because we have to know what node is deleted. You should be able to do so _before_ the session is persisted via save (but I don't know the exact internals of the access control manager and when it is called for a node removal). Otherwise I would suggest to store your ACL rules by path and not by node uuid, just as the principal-based authorization in Jackrabbit works. This is much more handy for defining rules, for non-existent nodes for example. Regards, Alex -- Alexander Klimetschek [email protected]
