incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Sling Website > Managing permissions (jackrabbit.accessmanager)
Date Fri, 06 May 2011 03:31:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/1/_/styles/combined.css?spaceKey=SLINGxSITE&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29">Managing
permissions (jackrabbit.accessmanager)</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~edn">Eric
Norman</a>
    </h4>
        <br/>
                         <h4>Changes (1)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br>{note}See section 16.3
of the JCR 2.0 specification for an explanation of the difference between bound and effective
policies.{note} <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">
<br> <br>h2. Sample User Interface Implementation <br> <br>_Since
Version 2.1.1_ <br> <br>A sample implementation of ui pages for permissions management
is provided @ http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/ <br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h1><a name="Managingpermissions%28jackrabbit.accessmanager%29-Managingpermissions"></a>Managing
permissions</h1>


<p>The <tt>jackrabbit-accessmanager</tt> bundle delivers a REST interface
to manipulate users permissions in the JCR. After installing the <tt>jackrabbit-accessmanager</tt>
bundle the REST services are exposed under the path of the node where you will manipulate
the permissions for a user with a specific selector like <tt>modifyAce</tt>, <tt>acl</tt>
and <tt>deleteAce</tt>.</p>
<div>
<ul>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Privileges'>Privileges</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Addormodifypermissions'>Add
or modify permissions</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Deletepermissions'>Delete
permissions</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Getpermissions'>Get
permissions</a></li>
<ul>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-BoundPermissions'>Bound
Permissions</a></li>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-EffectivePermissions'>Effective
Permissions</a></li>
</ul>
    <li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-SampleUserInterfaceImplementation'>Sample
User Interface Implementation</a></li>
</ul></div>

<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Privileges"></a>Privileges</h2>

<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> privilagename </th>
<th class='confluenceTh'> description </th>
</tr>
<tr>
<td class='confluenceTd'> jcr:read </td>
<td class='confluenceTd'> the privilege to retrieve a node and get its properties and
their values </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:readAccessControl </td>
<td class='confluenceTd'> the privilege to get the access control policy of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:modifyProperties </td>
<td class='confluenceTd'> the privilege to create, modify and remove the properties
of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:addChildNodes </td>
<td class='confluenceTd'> the privilege to create child nodes of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:removeChildNodes </td>
<td class='confluenceTd'> the privilege to remove child nodes of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:removeNode </td>
<td class='confluenceTd'> the privilege to remove a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:write </td>
<td class='confluenceTd'> an aggregate privilege that contains: jcr:modifyProperties
 jcr:addChildNodes  jcr:removeNode  jcr:removeChildNodes </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:modifyAccessControl </td>
<td class='confluenceTd'> the privilege to modify the access control policies of a node
</td>
</tr>
<tr>
<td class='confluenceTd'> jcr:lockManagement </td>
<td class='confluenceTd'> the privilege to lock and unlock a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:versionManagement </td>
<td class='confluenceTd'> the privilege to perform versioning operations on a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:nodeTypeManagement </td>
<td class='confluenceTd'> the privilege to add and remove mixin node types and change
the primary node type of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:retentionManagement </td>
<td class='confluenceTd'> the privilege to perform retention management operations on
a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:lifecycleManagement </td>
<td class='confluenceTd'> the privilege to perform lifecycle operations on a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:all </td>
<td class='confluenceTd'> an aggregate privilege that contains all predefined privileges
</td>
</tr>
</tbody></table>
</div>


<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Addormodifypermissions"></a>Add
or modify permissions</h2>

<p>To modify the permissions for a node POST a request to <tt>/&lt;path-to-the-node&gt;.modifyAce.&lt;html
or json&gt;</tt>. The following parameters are available:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> parameter name <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> required <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> description <br class="atl-forced-newline" /> </th>
</tr>
<tr>
<td class='confluenceTd'> principalId <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> yes <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> The name of the user or the group to assign the privileges
to<br class="atl-forced-newline" /> </td>
</tr>
<tr>
<td class='confluenceTd'> privilege@&lt;privilege-name&gt;<br class="atl-forced-newline"
/> </td>
<td class='confluenceTd'> yes <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> The privilege which should be updated. See table above for
possible &lt;privilege-name&gt; values.  The request may contain several of these
parameters to update multiple privileges in a single request.  The parameter value should
be one of the following: <br class="atl-forced-newline" />
<ul>
	<li><em>granted</em> - Set the privlege as granted to the user or group.
<br class="atl-forced-newline" /></li>
	<li><em>denied</em> - Set the privilege as denied to the user or group.
<br class="atl-forced-newline" /></li>
	<li><em>none</em> - Unset a privilege that was previously set as granted
or denied. <br class="atl-forced-newline" /></li>
</ul>
</td>
</tr>
<tr>
<td class='confluenceTd'> order </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The position where the access control entry should go in the
list.  The parameter value should be one of the following: <br class="atl-forced-newline"
/>
<ul>
	<li><em>first</em> - Place the target ACE as the first amongst its siblings.
<br class="atl-forced-newline" /></li>
	<li><em>last</em> - Place the target ACE as the last amongst its siblings.
<br class="atl-forced-newline" /></li>
	<li><em>before xyz</em> - Place the target ACE immediately before the sibling
whose principalId is xyz. <br class="atl-forced-newline" /></li>
	<li><em>after xyz</em> - Place the target ACE immediately after the sibling
whose principalId is xyz. <br class="atl-forced-newline" /></li>
	<li><em>numeric</em> - Place the target ACE at the specified numeric index.</li>
</ul>
</td>
</tr>
</tbody></table>
</div>



<p>Responses:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> 200 </td>
<td class='confluenceTd'> Success </td>
</tr>
<tr>
<td class='confluenceTd'> 500  </td>
<td class='confluenceTd'> Failure, HTML (or JSON) explains failure. </td>
</tr>
</tbody></table>
</div>

<p>Example with curl:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html
</pre>
</div></div>


<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Deletepermissions"></a>Delete
permissions</h2>

<p>To delete permissions for a node POST a request to <tt>/&lt;path-to-the-node&gt;.deleteAce.&lt;html
or json&gt;</tt>. The following parameters are available:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> parameter name <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> required <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> description <br class="atl-forced-newline" /> </th>
</tr>
<tr>
<td class='confluenceTd'> :applyTo<br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> yes <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> An array with the name of the users and/or the name of the
groups to remove the privileges. <br class="atl-forced-newline" /> </td>
</tr>
</tbody></table>
</div>


<p>Responses:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> 200 </td>
<td class='confluenceTd'> Success </td>
</tr>
<tr>
<td class='confluenceTd'> 500  </td>
<td class='confluenceTd'> Failure, HTML (or JSON) explains failure. </td>
</tr>
</tbody></table>
</div>

<p>Example with curl:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>curl -F:applyTo=myuser http://localhost:8080/test/node.deleteAce.html
</pre>
</div></div>

<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Getpermissions"></a>Get
permissions</h2>

<h3><a name="Managingpermissions%28jackrabbit.accessmanager%29-BoundPermissions"></a>Bound
Permissions</h3>

<p>To get the permissions bound to a particular node in a json format for a node send
a GET request to <tt>/&lt;path-to-the-node&gt;.acl.json</tt>. </p>

<p>Example:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>http://localhost:8080/test/node.acl.json
</pre>
</div></div>

<h3><a name="Managingpermissions%28jackrabbit.accessmanager%29-EffectivePermissions"></a>Effective
Permissions</h3>

<p>To get the permissions which are effective for a particular node in a json format
for a node send a GET request to <tt>/&lt;path-to-the-node&gt;.eacl.json</tt>.
</p>

<p>Example:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>http://localhost:8080/test/node.eacl.json
</pre>
</div></div>

<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td
valign='top'><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16"
align="absmiddle" alt="" border="0"></td><td>See section 16.3 of the JCR 2.0
specification for an explanation of the difference between bound and effective policies.</td></tr></table></div>


<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-SampleUserInterfaceImplementation"></a>Sample
User Interface Implementation</h2>

<p><em>Since Version 2.1.1</em></p>

<p>A sample implementation of ui pages for permissions management is provided @ <a
href="http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/" class="external-link"
rel="nofollow">http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/</a></p>
    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=2852972&revisedVersion=9&originalVersion=8">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message