jackrabbit-dev mailing list archives

From "Thomas Mueller (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2910) Please add JackrabbitSession.isAdmin()
Date Wed, 09 Mar 2011 09:20:59 GMT

    [ https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004430#comment-13004430 ]

Thomas Mueller commented on JCR-2910:
-------------------------------------

> .isAdmin() is not the correct way to enforce security.

So please add a new issue: remove User.isAdmin(). Personally, I believe isAdmin() is a good
concept, because it's simple and easy to understand. There is a good reason why all operating
systems support it.

> if we later decided to extend backup rights

Such statements are a clear sign of "YAGNI": http://en.wikipedia.org/wiki/You_ain%27t_gonna_need_it

The main problem with the "what if" statements is that they don't reflect reality. If nobody
ever requested the feature so far, then there is most likely no need for it in the future.
Adding features "in advance" just because "somebody might (!) want it in the future" is a
well-known time waster. If we really add the feature in the future, then the easiest solution
is to change it at that time.

I believe in "make things as simple as possible". Artificially adding complexity doesn't help
anybody. 

It's just wasting time.


> Please add JackrabbitSession.isAdmin()
> --------------------------------------
>
>                 Key: JCR-2910
>                 URL: https://issues.apache.org/jira/browse/JCR-2910
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Thomas Mueller
>            Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation is problematic for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession interface, so the code above would be:
> ((JackrabbitSession) session).isAdmin()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
