jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ard Schrijvers <a.schrijv...@onehippo.com>
Subject Re: Shareable nodes and access control
Date Wed, 28 Jul 2010 06:53:44 GMT
Hello Toby,

On Tue, Jul 27, 2010 at 11:01 PM, Tobias Bocanegra
<tobias.bocanegra@day.com> wrote:
> hi,
> On Mon, Jul 26, 2010 at 1:12 PM, Ard Schrijvers
> <a.schrijvers@onehippo.com> wrote:
>> Hello,
>> From the spec jsr-283 I cannot get my head around one thing:
>> * What is the expected behaviour of modifying child nodes of shared
>> nodes, when you are not allowed to read the child nodes of one of the
>> shared nodes (because of some access path constraint for example).
> i'm not sure how exactly it is implemented currently, but for resource
> based access control, i think that only the primary ancestors inherit
> the ACLs.
> so the ACL of a shared set is the one of the primary node. for user
> centric access control, it's of course path based.

The ambiguity with the ACL based on the primary ancestor, is that
through the shared set, you could change a descendant shared node in a
complete different part of the tree, which you are not allowed to
read.. OTOH, perhaps it makes perfect sense: I assume it works the
same for symlinks

Thx Toby

Regards Ard

> regards, toby

View raw message