jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Bocanegra <tri...@adobe.com>
Subject Re: Setting permissions
Date Sat, 17 Sep 2011 20:58:28 GMT
hi francisco,

if you are using normal resource based ACLs you can manage them with
the provided interfaces.

example to grant all rights to everyone:

AccessControlManager aMgr = session.getAccessControlManager();
Privilege[] privileges = new
Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};

// find the ACL policy
JackrabbitAccessControlList acl;
try {
   acl = (JackrabbitAccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
   acl = (JackrabbitAccessControlList) aMgr.getPolicies(path)[0];
}

// remove all existing ACEs
for (AccessControlEntry e : acl.getAccessControlEntries()) {
  acl.removeAccessControlEntry(e);
}
acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
aMgr.setPolicy(path, acl);
session.save();

(the above code is a bit a hack, as it catches the
NoSuchElementException from the iterator.next - but i hadn't a nicer
example ready)
the point here is, that 'getApplicablePolicies' will return an empty
iterator if there is already a policy defined on that path. usually
(in the default implementation) there is only 1 policy, the
JackrabbitAccessControlList. And either it's applicable, or already
defined. the rock solid approach would be do iterate over applicable
or getPolicies until you find a 'JackrabbitAccessControlList'.

hope this helps.
regards, toby

On Tue, Sep 13, 2011 at 12:04 AM, Francisco Carriedo Scher
<fcarriedos@gmail.com> wrote:
> Ok, guessing that i need to extend AbstractAccessManager with my own class
> and override setPolicyMethod, which is exactly the best way to bind a Policy
> object to a Node object? Is it up to the designer?
>
> Thanks for your attention, greetings!
>
Mime
View raw message