jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vikas Saurabh <vikas.saur...@gmail.com>
Subject Re: Minimum permissions to carry out a move operation
Date Sun, 13 Oct 2013 13:36:07 GMT
To add a bit of context of why I want to understand the permissions. I am
making a small app which has a node for courses which should allow everyone
in author group to create courses. But, of course, I don't want different
authors to mess around with each other's courses.

For this, I could have courses from a particular author under their own
area (say, .../author1/courses). But, for quick listing of courses I want
to have at least a reference to actual course node in a common area (say,

So, let's say author a1 created course c1 and author a2 created course c2,
then I'd have a structure that looks something like:
<some root>
   --courses (read to a1 write to all)
   --courses (read to a1 write to all)
--courses (add/removeChildNodes to author group)
   --ref-c1 [link=/a1/courses/c1] (removeNode to a1)
   --ref-c2 [link=/a2/courses/c2] (removeNode to a2)

Now, since I need to have ref-c1 have an extra layer of ACL (removeNode to
a1), I plan to create ref-c1 in some special scratchpad area, give the
required ACL to ref-c1 and then move it under /a1/courses.
But, to do that I need to have read permission given to author group to all
elements in path / to .../courses.
Alongwith that, I need to give nodeTypeManagement to authors on
.../courses/* (since ref-c1 still doesn't exist under .../courses). But,
with /* even a2 would get nodeTypeManagement on c1 which I don't want to
do. This is what I really don't want to do and haven't been able to work
out how to handle it.

Also, I might be thinking about it in a completely incorrect way. Please
correct me, if that's so.


View raw message