jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: How to get the effective ACL for a given node
Date Fri, 12 Jul 2013 13:11:35 GMT
hi ulrich

short version:

- jcr:all -> is mandated to include all privileges exposed by a given impl
- jcr:write -> just item write (except for protected items which are covered by
  specific privileges)
- jcr:read -> read items (except for access control items)

please refer to JSR 283 for details on the different built in privileges
and further details such as the 'abstract' flag, aggregation and possible
extension points for the implementor.


On Jul 11, 2013, at 3:46 PM, Ulrich <Forums@gombers.de> wrote:

> Hello Angela,
> this will help. I thought to get a list of principals permitted for a specific
> privilege (e.g. jcr:read). Now I have to look at all specified privileges to see
> whether either jcr:read has been set, or whether it may be implicitely set by
> other specified privileges. I'm pretty sure that read-access is granted by
> jcr:all, but I'm not sure what jcr:write means - does this include jcr:read as
> well? And what about the other privileges?
> best regards,
> Ulrich
>> Angela Schreiber <anchela@adobe.com> hat am 11. Juli 2013 um 13:22
>> geschrieben:
>> hi ulrich
>> the following method is defined by the JCR specification:
>> javax.jcr.security.AccessControlManager#getEffectivePolicies(String absPath)
>> and returns an array of access control policies.
>> this this what you are looking for?
>> the jackrabbit API defines a variant that takes a set of principals instead
>> of a path.
>> kind regards
>> angela
>> On Jul 11, 2013, at 12:19 PM, Ulrich <Forums@gombers.de> wrote:
>>> for a given node I need to know the list of principals with jcr:read-access.
>>> I
>>> started to create my own method by retrieving all "rep:policy"-nodes along
>>> the
>>> branch to the node. Just getting these ACLs isn't really hard work but I
>>> have to
>>> consider the meaning of all the properties of the ACEs. I will do this but I
>>> would prefer to take an already existing method to check, if there one.
>>> I have had a look at "org.apache.jackrabbit.api.security", but this does not
>>> help here.
>>> Maybe someone in the community can give a hint.
>>> Thanks in advance;
>>> Ulrich

View raw message