jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Sascha.The...@innovations.de>
Subject AW: How to retrieve the node id in AccessManager of a removed node
Date Tue, 17 Aug 2010 06:20:37 GMT
Hi Alex,

thanks for your fast replies. I also thought about the solutions u suggest. Storing our rules
by path results in a refactoring overhead when a node is renamed. That was the reason why
we want to take the node id instead of its path. 
Your 2. suggestion should work and I think I will implement it like this but that results
in an extra permission check _before_ we call save on the node. That is not nice because u
can also remove the node without that check, means the permission check is not forced for
each node removal. But I think that is ok for our app. We always have to go over our self
defined remove method with the extra permission check.

I think the behaviour in the AccessManager is a little bit strange because u can not always
obtain the whole information of a removed node. The path of the node is not always sufficient.

But thanks for your answers.



-----Urspr√ľngliche Nachricht-----
Von: Alexander Klimetschek [mailto:aklimets@day.com] 
Gesendet: Montag, 16. August 2010 20:30
An: users@jackrabbit.apache.org
Betreff: Re: How to retrieve the node id in AccessManager of a removed node

On Mon, Aug 16, 2010 at 19:03,  <Sascha.Theves@innovations.de> wrote:
> Hi,
> our permissions are defined in a separate db scheme with its own database tables. In
these tables we reference only the node id of the JCR nodes on which we have defined some
own permissions because that id is unique and is not changed when the node is renamed. When
the user removes a node we want to check the permission tables if the user is allowed to do
so. Therefore we need the uuid of the node that is being deleted to check the permissions
because we have to know what node is deleted.

You should be able to do so _before_ the session is persisted via save
(but I don't know the exact internals of the access control manager
and when it is called for a node removal).

Otherwise I would suggest to store your ACL rules by path and not by
node uuid, just as the principal-based authorization in Jackrabbit
works. This is much more handy for defining rules, for non-existent
nodes for example.


Alexander Klimetschek

View raw message