jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Moseley <...@osafoundation.org>
Subject access control on version storage
Date Fri, 01 Apr 2005 21:08:07 GMT

preface: i've set up a workspace that contains home directories for my 
WebDAV server's users. i've written a custom AccessManager that allows 
root users to access any item in the workspace, but regular users can 
only access items within their home directories.

i've now run into the problem that when a regular user tries to create 
an item underneath his homedir node, a version history is created, but 
my AccessManager doesn't give him write access to 
/jcr:system/jcr:versionStorage.

i'm trying to formulate an access control policy for the version storage 
so that user A can't access user B's version histories. does the below 
make sense?

1) if the item i'm checking permissions for represents a version history 
node, then find the versionable node it represents and check permissions 
for that node instead

2) if the item i'm checking permissions for represents a version node, 
find its parent version history node, then do step 1

assuming that is a good approach, what api can i use to implement it? an 
access manager only has a HierarchyManager and an ItemId to work with, 
so i can't see how to examine node types and so forth.

thanks for any advice!

Mime
View raw message