Hi Sandro, On Sun, Sep 16, 2012 at 8:41 PM, Sandro Boehme <[email protected]> wrote: > ...The security is based on paths. Is there any other security mechanism that > is based on the HTTP method, resource types, selector, suffix or extension?...
The idea is to delegate security entirely to the underlying JCR repository, so no that doesn't take these things into account, you usually have to design your security model based on the *effects* (like POST potentially modifying content) of those things on the content. If you need more indirect permissions you can use additional nodes to define what users can do - assuming you have an email sending service for example, it could refuse to send mail if the current user cannot read the /etc/permissions/sendmail node. -Bertrand
