jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: svn commit: r1537553 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ oak-core/src/test/jav...
Date Thu, 31 Oct 2013 21:27:57 GMT
hi

this breaks existing code which IMHO is not an option.

kind regards
angela

On 10/31/13 8:29 PM, "Tobias Bocanegra" <tripod@apache.org> wrote:

>sorry, I saw https://issues.apache.org/jira/browse/JCR-3641 too late.
>I would object :-) and only use the following signature:
>
>   boolean addEntry(Principal principal, Privilege[] privileges,
>boolean isAllow, Map<String, Value[]> mvRestrictions)
>
>Regards, toby
>
>
>
>On Thu, Oct 31, 2013 at 11:55 AM, Angela Schreiber <anchela@adobe.com>
>wrote:
>> this is public API and i don't want to break existing code. originally
>> i thought that restrictions will never be multivalued, otherwise i would
>> have defined the original extension differently (right away with an
>>array).
>>
>> on the other hand i am sure that a given implementation of the OAK
>> restriction provider will be very specific on whether a given
>>restriction
>> can/must be single value or multivalued.
>>
>> and i decided not to follow your other proposal (using separate
>>interface
>> for
>> the restrictions in jackrabbit-api) and this would lead to major changes
>> throughout
>> the security api just to make it consistent... i felt that this is not
>> worth
>> the effort.
>>
>> kind regards
>> angela
>>
>> On 10/31/13 7:34 PM, "Tobias Bocanegra" <tripod@apache.org> wrote:
>>
>>>Hi,
>>>
>>>> ---
>>>>jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/s
>>>>pi
>>>>/security/authorization/accesscontrol/ImmutableACL.java (original)
>>>> +++
>>>>jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/s
>>>>pi
>>>>/security/authorization/accesscontrol/ImmutableACL.java Thu Oct 31
>>>>16:54:20 2013
>>>> @@ -76,6 +76,11 @@ public class ImmutableACL extends Abstra
>>>>      }
>>>>
>>>>      @Override
>>>> +    public boolean addEntry(Principal principal, Privilege[]
>>>>privileges, boolean isAllow, Map<String, Value> restrictions,
>>>>Map<String, Value[]> mvRestrictions) throws AccessControlException {
>>>> +        throw new AccessControlException("Immutable ACL. Use
>>>>AccessControlManager#getPolicy or #getApplicablePolicies in order to
>>>>obtain an modifiable ACL.");
>>>> +    }
>>>> +
>>>> +    @Override
>>>
>>>Can't we just use the "Map<String, Value[]> mvRestrictions" argument?
>>>having both seems a bit awkward. or is there a difference if I specify
>>>a restriction with an 1 value array or a restriction with 1 value?
>>>
>>>
>>>Regards, Toby
>>


Mime
View raw message