jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guillaume Belrose <kafe...@gmail.com>
Subject Restrict access to a node's content with a glob pattern when using resource based ACLs.
Date Wed, 18 Jan 2012 17:09:01 GMT
Hi all,

I am working on a software product which uses Jackrabbit access
control mechanism to restrict how users can access information stored
in nodes organized as a hierarchy. A requirement of my system is that
part of the hierarchy is fixed and can only be updated by admin users.
Within nodes of the hierarchy, users are free to create/modify/delete
other nodes to organize content as they see fit.

For a given node, I have the need to grant users write access on the
content of the node, but not on the node itself.

After some trial and error, I seem to have achieved this by using glob
patterns on the node I am trying to protect (this is Scala code, but
the Java version would be very similar):

                        val vf = session.getValueFactory
                        // Setting an ACL on the parent node so that
the user username can't modify the parent node while being granted all
rights on the content of the parent node.
	    	  	    ,Map("rep:glob" -> vf.createValue("*"))
	    	  	    ,Map("rep:glob" -> vf.createValue("/*"))

This seems to work, users are free to create/delete nodes within a
parent node, but are not allowed to delete the parent node itself.
However I am just wondering if there is a lighter way of achieving the
same result.

Thanks in advance,


View raw message