jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felix Meschberger (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2910) Please add JackrabbitSession.isAdmin()
Date Wed, 09 Mar 2011 10:45:00 GMT

    [ https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004463#comment-13004463
] 

Felix Meschberger commented on JCR-2910:
----------------------------------------

> So please add a new issue: remove User.isAdmin().

+1

The isAdmin method makes no sense: What is the semantics a user being admin anyway ? Sounds
like some wrong (or old outdated) solution which can now be better handled with real access
control and user management.

> Personally, I believe isAdmin() is a good concept, because it's simple and easy to understand.
> There is a good reason why all operating systems support it. 

That's not really true.

Core Unix, which is a methusalem in computer counting, has the concept of the single root
user and many things check for uid==0.

But over time better systems have been developed and nowadays unix also sports a privilege
system which allows assigning rights for regular system administration tasks to regular users.
Ok internally it still reverts to using root (probably) but this is an implementation detail.

This is why I don't like the isAdmin() method, neither on the [Jackrbabbit]Session nor on
the User.

Rather start defining real-world usable permissions, which is nowadays possible and can be
used.

> Please add JackrabbitSession.isAdmin()
> --------------------------------------
>
>                 Key: JCR-2910
>                 URL: https://issues.apache.org/jira/browse/JCR-2910
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Thomas Mueller
>            Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation is problematic
for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession interface, so the
code above would be:
> ((JackrabbitSession) session).isAdmin()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message