jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Joschko <markus.josc...@gmail.com>
Subject Conditional access control
Date Mon, 10 Oct 2011 21:02:32 GMT
In my repository I have a structure that has many deep branches.
Within these branches there are three different types of nodes.
Each type is maintained by another group of users. These groups can be
configured per branch
(it's a bit like in a file system where one group can only maintain
the folders and the other group only the files in a branch).

Now the question is how to best handle the access control here.
I can:
- either add an ace to each and every node in the repository and pay
the price that I have to maintain a lot of them in case ownership of a
branch changes or subbranches are moved into different branches.
- find a way to hook into the accesscontrol mechanism of jackrabbit to
make this easier. So far I have failed to find a good way to do so.
  I initially thought about introducing custom privileges that can be
used as markers and then extend the ACLProvider to take these
privileges also into account when calculating permissions.
  However from looking at the code it seems to me, that custom
privileges can only be defined as aggregates of existing privileges
and then also the aggregate can not exist twice. I guess it is not a
  idea to create artificial aggregates just to define new privileges.
- an alternative might be to create new accesscontrol entries that do
not only have path restrictions but also nodetype restrictions.
However that seems to be quite invasive and a lot of work.

Any other ideas how to tackle that problem?

- Markus

View raw message