jackrabbit-users mailing list archives

From ABAM <insti...@hotmail.com>
Subject Re: AccessControll
Date Thu, 03 May 2012 16:07:08 GMT
Hello Angela, thank you very much for your response.
I try to follow your recommendation but I still have issues.

What I am trying to do is (behavior that I am trying to achieve):

- Create user "someuser"
- Create /agb:Templates/agb:TemplateRead and /agb:Templates/agb:TemplateAll
nodes.
- User "someuser" is able to delete & modify the agb:TemplateAll node.
- User "someuser" is able to just read (not delete, not update) the
agb:TemplateRead node.

In order to do that I created the structure below, but with this
structure "someuser" is able to delete
/agb:Templates/agb:TemplateRead/agb:DatatypeProperties. This is expected
behavior due to the jcr:removeChildNodes added on /agb:Templates, but it is not
desired according to my goal. I cannot remove jcr:removeChildNodes from
/agb:Templates because I need it in order to be able to delete
/agb:Templates/agb:TemplateAll and the nodes below it.

What I think I can do to reach my goal is add a "deny jcr:removeChildNodes"
Jackrabbit access on /agb:Templates/agb:TemplateRead. Thinking of more users
and nodes, I think this is not the best thing to do. Can you think of any other
approach that I can try to achieve the behavior that I want?

Hope you can help me and again thank you very much.

/agb:Templates[
	jcr:mixinTypes: rep:AccessControllable, 
	agb:label: Templates
	jcr:primaryType: nt:unstructured
	/agb:Templates/rep:policy[
		jcr:primaryType: rep:ACL
		/agb:Templates/rep:policy/allow[
			rep:privileges: jcr:removeChildNodes, jcr:readAccessControl, 
			rep:principalName: someuser
			jcr:primaryType: rep:GrantACE
			
		
	/agb:Templates/agb:TemplateRead[
		jcr:uuid: 8cf35f57-c8fa-4efd-ab4f-26b8eb5baf51
		jcr:mixinTypes: mix:referenceable, rep:AccessControllable, 
		agb:label: template read
		jcr:primaryType: nt:unstructured
		/agb:Templates/agb:TemplateRead/rep:policy[
			jcr:primaryType: rep:ACL
			/agb:Templates/agb:TemplateRead/rep:policy/allow[
				rep:privileges: jcr:read, jcr:readAccessControl, 
				rep:principalName: someuser
				jcr:primaryType: rep:GrantACE
				
			
		/agb:Templates/agb:TemplateRead/agb:DatatypeProperties [
			agb:label: DatatypeProperties
			jcr:primaryType: nt:unstructured
			
		/agb:Templates/agb:TemplateRead/agb:ObjectProperties[
			agb:label: ObjectProperties
			jcr:primaryType: nt:unstructured
			
		
	/agb:Templates/agb:TemplateAll[
		jcr:uuid: f3d65b65-110e-4e45-98f1-97fe727113f9
		jcr:mixinTypes: mix:referenceable, rep:AccessControllable, 
		agb:label: template all
		jcr:primaryType: nt:unstructured
		/agb:Templates/agb:TemplateAll/rep:policy[
			jcr:primaryType: rep:ACL
			/agb:Templates/agb:TemplateAll/rep:policy/allow[
				rep:privileges: jcr:all, 
				rep:principalName: someuser
				jcr:primaryType: rep:GrantACE
				
			
		/agb:Templates/agb:TemplateAll/agb:DatatypeProperties[
			agb:label: DatatypeProperties
			jcr:primaryType: nt:unstructured
			
		/agb:Templates/agb:TemplateAll/agb:ObjectProperties[
			agb:label: ObjectProperties
			jcr:primaryType: nt:unstructured



--
View this message in context: http://jackrabbit.510166.n4.nabble.com/AccessControll-tp4604580p4606411.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
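
The deny entry described in the message above, written against the JCR 2.0 and Jackrabbit API, with a check of the effective remove permission on both subtrees. This is an added example, not code from the original post or from the Jackrabbit project; the class and method names are illustrative, and it assumes the agb namespace is registered, the nodes from the dump exist, and the first session is allowed to modify access control.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;

public class DenyRemoveChildNodes {  // hypothetical helper class
    static final String READ_ONLY = "/agb:Templates/agb:TemplateRead";
    static final String FULL = "/agb:Templates/agb:TemplateAll";

    // Return the ACL already bound at path, or the first applicable (not yet bound) one.
    static JackrabbitAccessControlList aclAt(AccessControlManager acm, String path)
            throws RepositoryException {
        for (AccessControlPolicy p : acm.getPolicies(path)) {
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        AccessControlPolicyIterator it = acm.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        throw new RepositoryException("no ACL available at " + path);
    }

    // Add "deny jcr:removeChildNodes" for userId on the read-only template.
    // 'admin' is assumed to be a session that may edit access control content.
    static void denyChildRemoval(Session admin, String userId) throws RepositoryException {
        AccessControlManager acm = admin.getAccessControlManager();
        Principal user = ((JackrabbitSession) admin).getPrincipalManager().getPrincipal(userId);
        if (user == null) throw new RepositoryException("unknown principal " + userId);
        JackrabbitAccessControlList acl = aclAt(acm, READ_ONLY);
        Privilege[] deny = { acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES) };
        acl.addEntry(user, deny, false);  // third argument false creates a deny entry
        acm.setPolicy(READ_ONLY, acl);
        admin.save();
    }

    // Call with a session logged in as the restricted user to see what it may remove.
    static void report(Session asUser) throws RepositoryException {
        for (String parent : new String[] { READ_ONLY, FULL }) {
            String child = parent + "/agb:DatatypeProperties";
            System.out.println(child + " remove="
                    + asUser.hasPermission(child, Session.ACTION_REMOVE));
        }
    }
}
```

Calling `report` with a session for "someuser" before and after `denyChildRemoval` shows whether the new entry changes the result for the agb:TemplateRead subtree while leaving agb:TemplateAll untouched.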
