jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ulrich <For...@gombers.de>
Subject Re: How to get the effective ACL for a given node
Date Fri, 12 Jul 2013 13:51:37 GMT
Thank you. I had read the definitions on several webpages but I'm always
wondering whether I got it right. The property "jcr:write" for example consists
of jcr:modifyProperties (and serveral others). In my understanding of the word
"modify" you must know the subject if you want to change it. The
IBM-Host-security for example grants implicitely READ if you are
WRITE-permitted. The Unix-Filesystem-permission distincts the both, I know.
But I see your point and say thank you very much.
Ulrich

> Angela Schreiber <anchela@adobe.com> hat am 12. Juli 2013 um 15:11
> geschrieben:
>
>
> hi ulrich
>
> short version:
>
> - jcr:all -> is mandated to include all privileges exposed by a given impl
> - jcr:write -> just item write (except for protected items which are covered
> by
>   specific privileges)
> - jcr:read -> read items (except for access control items)
>
> please refer to JSR 283 for details on the different built in privileges
> and further details such as the 'abstract' flag, aggregation and possible
> extension points for the implementor.
>
> regards
> angela
>
> On Jul 11, 2013, at 3:46 PM, Ulrich <Forums@gombers.de> wrote:
>
> > Hello Angela,
> >
> > this will help. I thought to get a list of principals permitted for a
> > specific
> > privilege (e.g. jcr:read). Now I have to look at all specified privileges to
> > see
> > whether either jcr:read has been set, or whether it may be implicitely set
> > by
> > other specified privileges. I'm pretty sure that read-access is granted by
> > jcr:all, but I'm not sure what jcr:write means - does this include jcr:read
> > as
> > well? And what about the other privileges?
> >
> > best regards,
> > Ulrich
> >
> >> Angela Schreiber <anchela@adobe.com> hat am 11. Juli 2013 um 13:22
> >> geschrieben:
> >>
> >>
> >> hi ulrich
> >>
> >> the following method is defined by the JCR specification:
> >>
> >> javax.jcr.security.AccessControlManager#getEffectivePolicies(String
> >> absPath)
> >> and returns an array of access control policies.
> >>
> >> this this what you are looking for?
> >> the jackrabbit API defines a variant that takes a set of principals instead
> >> of a path.
> >>
> >> kind regards
> >> angela
> >>
> >> On Jul 11, 2013, at 12:19 PM, Ulrich <Forums@gombers.de> wrote:
> >>
> >>> for a given node I need to know the list of principals with
> >>> jcr:read-access.
> >>> I
> >>> started to create my own method by retrieving all "rep:policy"-nodes along
> >>> the
> >>> branch to the node. Just getting these ACLs isn't really hard work but I
> >>> have to
> >>> consider the meaning of all the properties of the ACEs. I will do this but
> >>> I
> >>> would prefer to take an already existing method to check, if there one.
> >>> I have had a look at "org.apache.jackrabbit.api.security", but this does
> >>> not
> >>> help here.
> >>> Maybe someone in the community can give a hint.
> >>> Thanks in advance;
> >>> Ulrich
> >>
>

Mime
View raw message