From: Alexander Klimetschek
To: users@jackrabbit.apache.org
Date: Fri, 16 Oct 2009 13:48:47 +0200
Subject: Re: Set the permission(read/write/all) on a node

On Fri, Oct 16, 2009 at 08:08, rohit mittal wrote:
> Hi users,
>
> I have used this configuration for access manager in repository.xml
>
>     class="org.apache.jackrabbit.core.security.DefaultAccessManager">
>
>    AccessControlManager acManager = sessionImpl.getAccessControlManager();
>    AccessControlPolicy acPolicy = null;
>    AccessControlList acl = null;
>    String nodePath = folderNode.getPath();
>    AccessControlPolicyIterator policyIterator =
>        acManager.getApplicablePolicies(nodePath);
>    if (policyIterator.hasNext())
>    {
>        acPolicy = policyIterator.nextAccessControlPolicy();
>    }
>    else
>    {
>        AccessControlPolicy[] existingPolicies =
>            acManager.getPolicies(nodePath);
>        acPolicy = existingPolicies[0];
>    }
>    if (acPolicy instanceof AccessControlList)
>    {
>        acl = (AccessControlList) acPolicy;
>        Privilege[] privileges = {
>            acManager.privilegeFromName(Privilege.JCR_ALL) };
>        Principal p_myUser = new PrincipalImpl("user1");
>        boolean flag = acl.addAccessControlEntry(p_myUser, privileges);
>        System.out.println("..........................." + flag);
>        acManager.setPolicy(nodePath, acl);
>        sessionImpl.save();
>        session.save();
>    }
>
> In this code,
>   acl.addAccessControlEntry(p_myUser, privileges);
> always returns false when I log in as the user, and it returns true only
> when I log in as admin.

I guess that's because not everyone is allowed to set ACLs (there is a
separate right for that) and by default only the admin user is allowed
to do that (afaik).

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetschek@day.com
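
The separate right mentioned in the reply can be checked before touching the ACL. The following is an added example, not part of the original thread and not Jackrabbit's own code; it assumes the JCR 2.0 javax.jcr.security API (Session.getAccessControlManager()), and the names AclHelper, canEditAcl, findAcl and grant are hypothetical.

```java
import java.security.Principal;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;

// Added example; class and method names are hypothetical.
public final class AclHelper {
    // Reading and changing a node's ACL are privileges separate from jcr:read.
    public static boolean canEditAcl(Session s, String path) throws RepositoryException {
        AccessControlManager acm = s.getAccessControlManager();
        return acm.hasPrivileges(path, new Privilege[] {
            acm.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL),
            acm.privilegeFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL) });
    }

    // Prefer the ACL already bound to the node, else take an applicable one.
    static AccessControlList findAcl(AccessControlManager acm, String path)
            throws RepositoryException {
        for (AccessControlPolicy p : acm.getPolicies(path)) {
            if (p instanceof AccessControlList) return (AccessControlList) p;
        }
        AccessControlPolicyIterator it = acm.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof AccessControlList) return (AccessControlList) p;
        }
        return null; // no list-based policy available at this path
    }

    // Returns true only if the ACL was modified and the change was saved.
    public static boolean grant(Session s, String path, Principal who, String... names)
            throws RepositoryException {
        if (!canEditAcl(s, path)) {
            throw new AccessDeniedException(s.getUserID() + " may not edit the ACL at " + path);
        }
        AccessControlManager acm = s.getAccessControlManager();
        AccessControlList acl = findAcl(acm, path);
        if (acl == null) throw new RepositoryException("no AccessControlList for " + path);
        Privilege[] privs = new Privilege[names.length];
        for (int i = 0; i < names.length; i++) privs[i] = acm.privilegeFromName(names[i]);
        if (!acl.addAccessControlEntry(who, privs)) return false; // ACL unchanged
        acm.setPolicy(path, acl); // transient until the session is saved
        s.save();
        return true;
    }
}
```

Called from an admin session, grant(adminSession, path, user, Privilege.JCR_READ) gives the user read access only. Privilege.JCR_ALL, as used in the quoted code, is the aggregate of all privileges and so also hands the user jcr:modifyAccessControl on that node.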