incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Sling Website > Managing permissions (jackrabbit.accessmanager)
Date Mon, 01 Mar 2010 14:27:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1519/1/1/_/styles/combined.css?spaceKey=SLINGxSITE&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="http://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29">Managing
permissions (jackrabbit.accessmanager)</a></h2>
     <h4>Page <b>edited</b> by             <a href="http://cwiki.apache.org/confluence/display/~edn">Eric
Norman</a>
    </h4>
     Reverted from v. 2
          <div id="versionComment" class="noteMacro" style="display:none; padding: 5px;">
     Reverted from v. 2<br />
     </div>
          <br/>
     <div class="notificationGreySide">
         <h1><a name="Managingpermissions%28jackrabbit.accessmanager%29-Managingpermissions"></a>Managing
permissions</h1>


<p>The <tt>jackrabbit-accessmanager</tt> bundle delivers a REST interface
to manipulate users permissions in the JCR. After installing the <tt>jackrabbit-accessmanager</tt>
bundle the REST services are exposed under the path of the node where you will manipulate
the<br/>
permissions for a user with a specific selector like <tt>modifyAce</tt>, <tt>acl</tt>
and <tt>deleteAce</tt>.</p>
<div>
<ul>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Privileges'>Privileges</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Addormodifypermissions'>Add
or modify permissions</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Deletepermissions'>Delete
permissions</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Getpermissions'>Get
permissions</a></li>
</ul></div>

<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Privileges"></a>Privileges</h2>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> privilagename </th>
<th class='confluenceTh'> description </th>
</tr>
<tr>
<td class='confluenceTd'> jcr:read </td>
<td class='confluenceTd'> the privilege to retrieve a node and get its properties and
their values </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:readAccessControl </td>
<td class='confluenceTd'> the privilege to get the access control policy of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:modifyProperties </td>
<td class='confluenceTd'> the privilege to create, modify and remove the properties
of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:addChildNodes </td>
<td class='confluenceTd'> the privilege to create child nodes of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:removeChildNodes </td>
<td class='confluenceTd'> the privilege to remove child nodes of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:removeNode </td>
<td class='confluenceTd'> the privilege to remove a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:write </td>
<td class='confluenceTd'> an aggregate privilege that contains: jcr:modifyProperties
 jcr:addChildNodes  jcr:removeNode  jcr:removeChildNodes </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:modifyAccessControl </td>
<td class='confluenceTd'> the privilege to modify the access control policies of a node
</td>
</tr>
<tr>
<td class='confluenceTd'> jcr:all </td>
<td class='confluenceTd'> n aggregate privilege that contains all predefined privileges
</td>
</tr>
</tbody></table>

<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Addormodifypermissions"></a>Add
or modify permissions</h2>

<p>To modify the permissions for a node POST a request to <tt>/&lt;path-to-the-node&gt;.modifyAce.html</tt>.
The following parameters are available:</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> parameter name <br clear="all" /> </th>
<th class='confluenceTh'> required <br clear="all" /> </th>
<th class='confluenceTh'> description <br clear="all" /> </th>
</tr>
<tr>
<td class='confluenceTd'> principalId <br clear="all" /> </td>
<td class='confluenceTd'> yes <br clear="all" /> </td>
<td class='confluenceTd'> The name of the user or the group to assign the privileges
to<br clear="all" /> </td>
</tr>
<tr>
<td class='confluenceTd'> privilege@&lt;privilege-name&gt;=granted<br clear="all"
/> </td>
<td class='confluenceTd'> yes <br clear="all" /> </td>
<td class='confluenceTd'> The privilege which should be set. Instead of <em>granted</em>
it's also possible to use <em>denied</em> to set a privilege is denied to a user
or group. As privilege name see table above <br clear="all" /> </td>
</tr>
</tbody></table>
<p>Responses:</p>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> 200 </td>
<td class='confluenceTd'> Success </td>
</tr>
<tr>
<td class='confluenceTd'> 500  </td>
<td class='confluenceTd'> Failure, HTML explains failure. </td>
</tr>
</tbody></table>
<p>Example with curl:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html
</pre>
</div></div>


<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Deletepermissions"></a>Delete
permissions</h2>

<p>To delete permissions for a node POST a request to <tt>/&lt;path-to-the-node&gt;.deleteAce.html</tt>.
The following parameters are available:</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> parameter name <br clear="all" /> </th>
<th class='confluenceTh'> required <br clear="all" /> </th>
<th class='confluenceTh'> description <br clear="all" /> </th>
</tr>
<tr>
<td class='confluenceTd'> :applyTo<br clear="all" /> </td>
<td class='confluenceTd'> yes <br clear="all" /> </td>
<td class='confluenceTd'> An array with the name of the users and/or the name of the
groups to remove the privileges. <br clear="all" /> </td>
</tr>
</tbody></table>

<p>Responses:</p>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> 200 </td>
<td class='confluenceTd'> Success </td>
</tr>
<tr>
<td class='confluenceTd'> 500  </td>
<td class='confluenceTd'> Failure, HTML explains failure. </td>
</tr>
</tbody></table>
<p>Example with curl:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>curl -F:applyTo=myuser http://localhost:8080/test/node.deleteAce.html
</pre>
</div></div>

<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Getpermissions"></a>Get
permissions</h2>

<p>To get permissions in a json format for a node send a GET request to <tt>/&lt;path-to-the-node&gt;.acl.json</tt>.
</p>

<p>Example:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>http://localhost:8080/test/node.acl.json
</pre>
</div></div>

     </div>
     <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;">
            <a href="http://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
       </div>

       <a href="http://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29">View
Online</a>
       |
       <a href="http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=2852972&revisedVersion=5&originalVersion=4">View
Change</a>
              |
       <a href="http://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message