jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bart van der Schans (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2910) Please add JackrabbitSession.isAdmin()
Date Wed, 09 Mar 2011 11:18:01 GMT

    [ https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004479#comment-13004479
] 

Bart van der Schans commented on JCR-2910:
------------------------------------------

I agree with Felix. Many attempts have been made to get rid of or restrict the "root" concept
in unix/linux like rbsac, selinux grsecurity or even with sudo (iirc the root user in netbsd
is even just another regular user by default) A user should just have the privileges/permissions
to do something or not. 

Also the User.isAdmin() method is not really clear in it's meaning. Are you the user "admin"?
Or belong to a group of admins? Or do you have some kind of admin privileges?

Imo you should never check whether a user is "admin", just check if the user has the appropriate
privileges.



> Please add JackrabbitSession.isAdmin()
> --------------------------------------
>
>                 Key: JCR-2910
>                 URL: https://issues.apache.org/jira/browse/JCR-2910
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Thomas Mueller
>            Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation is problematic
for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession interface, so the
code above would be:
> ((JackrabbitSession) session).isAdmin()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message