<html>
<head>
<base href="https://cwiki.apache.org/confluence">
<link rel="stylesheet" href="/confluence/s/2042/9/1/_/styles/combined.css?spaceKey=SLINGxSITE&forWysiwyg=true"
type="text/css">
</head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
<h2><a href="https://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29">Managing
permissions (jackrabbit.accessmanager)</a></h2>
<h4>Page <b>edited</b> by <a href="https://cwiki.apache.org/confluence/display/~edn">Eric
Norman</a>
</h4>
<br/>
<h4>Changes (1)</h4>
<div id="page-diffs">
<table class="diff" cellpadding="0" cellspacing="0">
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" > <br>{note}See section 16.3
of the JCR 2.0 specification for an explanation of the difference between bound and effective
policies.{note} <br></td></tr>
<tr><td class="diff-added-lines" style="background-color: #dfd;">
<br> <br>h2. Sample User Interface Implementation <br> <br>_Since
Version 2.1.1_ <br> <br>A sample implementation of ui pages for permissions management
is provided @ http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/ <br></td></tr>
</table>
</div> <h4>Full Content</h4>
<div class="notificationGreySide">
<h1><a name="Managingpermissions%28jackrabbit.accessmanager%29-Managingpermissions"></a>Managing
permissions</h1>
<p>The <tt>jackrabbit-accessmanager</tt> bundle delivers a REST interface
to manipulate users permissions in the JCR. After installing the <tt>jackrabbit-accessmanager</tt>
bundle the REST services are exposed under the path of the node where you will manipulate
the permissions for a user with a specific selector like <tt>modifyAce</tt>, <tt>acl</tt>
and <tt>deleteAce</tt>.</p>
<div>
<ul>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Privileges'>Privileges</a></li>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Addormodifypermissions'>Add
or modify permissions</a></li>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Deletepermissions'>Delete
permissions</a></li>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-Getpermissions'>Get
permissions</a></li>
<ul>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-BoundPermissions'>Bound
Permissions</a></li>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-EffectivePermissions'>Effective
Permissions</a></li>
</ul>
<li><a href='#Managingpermissions%28jackrabbit.accessmanager%29-SampleUserInterfaceImplementation'>Sample
User Interface Implementation</a></li>
</ul></div>
<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Privileges"></a>Privileges</h2>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> privilagename </th>
<th class='confluenceTh'> description </th>
</tr>
<tr>
<td class='confluenceTd'> jcr:read </td>
<td class='confluenceTd'> the privilege to retrieve a node and get its properties and
their values </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:readAccessControl </td>
<td class='confluenceTd'> the privilege to get the access control policy of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:modifyProperties </td>
<td class='confluenceTd'> the privilege to create, modify and remove the properties
of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:addChildNodes </td>
<td class='confluenceTd'> the privilege to create child nodes of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:removeChildNodes </td>
<td class='confluenceTd'> the privilege to remove child nodes of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:removeNode </td>
<td class='confluenceTd'> the privilege to remove a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:write </td>
<td class='confluenceTd'> an aggregate privilege that contains: jcr:modifyProperties
jcr:addChildNodes jcr:removeNode jcr:removeChildNodes </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:modifyAccessControl </td>
<td class='confluenceTd'> the privilege to modify the access control policies of a node
</td>
</tr>
<tr>
<td class='confluenceTd'> jcr:lockManagement </td>
<td class='confluenceTd'> the privilege to lock and unlock a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:versionManagement </td>
<td class='confluenceTd'> the privilege to perform versioning operations on a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:nodeTypeManagement </td>
<td class='confluenceTd'> the privilege to add and remove mixin node types and change
the primary node type of a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:retentionManagement </td>
<td class='confluenceTd'> the privilege to perform retention management operations on
a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:lifecycleManagement </td>
<td class='confluenceTd'> the privilege to perform lifecycle operations on a node </td>
</tr>
<tr>
<td class='confluenceTd'> jcr:all </td>
<td class='confluenceTd'> an aggregate privilege that contains all predefined privileges
</td>
</tr>
</tbody></table>
</div>
<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Addormodifypermissions"></a>Add
or modify permissions</h2>
<p>To modify the permissions for a node POST a request to <tt>/<path-to-the-node>.modifyAce.<html
or json></tt>. The following parameters are available:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> parameter name <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> required <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> description <br class="atl-forced-newline" /> </th>
</tr>
<tr>
<td class='confluenceTd'> principalId <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> yes <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> The name of the user or the group to assign the privileges
to<br class="atl-forced-newline" /> </td>
</tr>
<tr>
<td class='confluenceTd'> privilege@<privilege-name><br class="atl-forced-newline"
/> </td>
<td class='confluenceTd'> yes <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> The privilege which should be updated. See table above for
possible <privilege-name> values. The request may contain several of these
parameters to update multiple privileges in a single request. The parameter value should
be one of the following: <br class="atl-forced-newline" />
<ul>
<li><em>granted</em> - Set the privlege as granted to the user or group.
<br class="atl-forced-newline" /></li>
<li><em>denied</em> - Set the privilege as denied to the user or group.
<br class="atl-forced-newline" /></li>
<li><em>none</em> - Unset a privilege that was previously set as granted
or denied. <br class="atl-forced-newline" /></li>
</ul>
</td>
</tr>
<tr>
<td class='confluenceTd'> order </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The position where the access control entry should go in the
list. The parameter value should be one of the following: <br class="atl-forced-newline"
/>
<ul>
<li><em>first</em> - Place the target ACE as the first amongst its siblings.
<br class="atl-forced-newline" /></li>
<li><em>last</em> - Place the target ACE as the last amongst its siblings.
<br class="atl-forced-newline" /></li>
<li><em>before xyz</em> - Place the target ACE immediately before the sibling
whose principalId is xyz. <br class="atl-forced-newline" /></li>
<li><em>after xyz</em> - Place the target ACE immediately after the sibling
whose principalId is xyz. <br class="atl-forced-newline" /></li>
<li><em>numeric</em> - Place the target ACE at the specified numeric index.</li>
</ul>
</td>
</tr>
</tbody></table>
</div>
<p>Responses:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> 200 </td>
<td class='confluenceTd'> Success </td>
</tr>
<tr>
<td class='confluenceTd'> 500 </td>
<td class='confluenceTd'> Failure, HTML (or JSON) explains failure. </td>
</tr>
</tbody></table>
</div>
<p>Example with curl:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html
</pre>
</div></div>
<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Deletepermissions"></a>Delete
permissions</h2>
<p>To delete permissions for a node POST a request to <tt>/<path-to-the-node>.deleteAce.<html
or json></tt>. The following parameters are available:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> parameter name <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> required <br class="atl-forced-newline" /> </th>
<th class='confluenceTh'> description <br class="atl-forced-newline" /> </th>
</tr>
<tr>
<td class='confluenceTd'> :applyTo<br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> yes <br class="atl-forced-newline" /> </td>
<td class='confluenceTd'> An array with the name of the users and/or the name of the
groups to remove the privileges. <br class="atl-forced-newline" /> </td>
</tr>
</tbody></table>
</div>
<p>Responses:</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> 200 </td>
<td class='confluenceTd'> Success </td>
</tr>
<tr>
<td class='confluenceTd'> 500 </td>
<td class='confluenceTd'> Failure, HTML (or JSON) explains failure. </td>
</tr>
</tbody></table>
</div>
<p>Example with curl:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>curl -F:applyTo=myuser http://localhost:8080/test/node.deleteAce.html
</pre>
</div></div>
<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-Getpermissions"></a>Get
permissions</h2>
<h3><a name="Managingpermissions%28jackrabbit.accessmanager%29-BoundPermissions"></a>Bound
Permissions</h3>
<p>To get the permissions bound to a particular node in a json format for a node send
a GET request to <tt>/<path-to-the-node>.acl.json</tt>. </p>
<p>Example:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>http://localhost:8080/test/node.acl.json
</pre>
</div></div>
<h3><a name="Managingpermissions%28jackrabbit.accessmanager%29-EffectivePermissions"></a>Effective
Permissions</h3>
<p>To get the permissions which are effective for a particular node in a json format
for a node send a GET request to <tt>/<path-to-the-node>.eacl.json</tt>.
</p>
<p>Example:</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>http://localhost:8080/test/node.eacl.json
</pre>
</div></div>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td
valign='top'><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16"
align="absmiddle" alt="" border="0"></td><td>See section 16.3 of the JCR 2.0
specification for an explanation of the difference between bound and effective policies.</td></tr></table></div>
<h2><a name="Managingpermissions%28jackrabbit.accessmanager%29-SampleUserInterfaceImplementation"></a>Sample
User Interface Implementation</h2>
<p><em>Since Version 2.1.1</em></p>
<p>A sample implementation of ui pages for permissions management is provided @ <a
href="http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/" class="external-link"
rel="nofollow">http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/</a></p>
</div>
<div id="commentsSection" class="wiki-content pageSection">
<div style="float: right;">
<a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
</div>
<a href="https://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29">View
Online</a>
|
<a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=2852972&revisedVersion=9&originalVersion=8">View
Changes</a>
|
<a href="https://cwiki.apache.org/confluence/display/SLINGxSITE/Managing+permissions+%28jackrabbit.accessmanager%29?showComments=true&showCommentArea=true#addcomment">Add
Comment</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
|