[jira] Commented: (JCR-2910) Please add JackrabbitSession.isAdmin

Tue, 08 Mar 2011 05:39:26 -0800 

    [ 
https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13003935#comment-13003935
 ] 

Thomas Mueller commented on JCR-2910:
-------------------------------------

> The API we expose for these operations should simply throw exceptions if the 
> user doesn't have enough access rights.

That's exactly what I want to do. However, for this to implement, I need to 
know whether the current user has admin rights.

> Session.hasCapability()

That's boolean  Session.hasCapability(java.lang.String methodName, 
java.lang.Object target, java.lang.Object[] arguments) throws 
RepositoryException - which is even worse than Session.checkPermission("/", 
"admin"), well checkPermission isn't all that great because the second is a 
string property, and defined actions are "add_node", "set_property", "remove", 
and "read".

As for the use case, I guess it's similar to find out if a Linux user is root. 
I would guess that's fairly easy in any API.

> If your code works purely on the JCR API level

As I already wrote, I want to find out if the current logged in user is admin, 
because I want to backup the file system (just as an example).

> SessionImpl.isAdmin() shouldn't be a problem

I repeat myself: it *is* a problem. One reason is that it doesn't work with 
virtual repositories. Casting to an implementation class is never really a good 
idea.

So let's go for JackrabbitSession.getUser().



> Please add JackrabbitSession.isAdmin
> ------------------------------------
>
>                 Key: JCR-2910
>                 URL: https://issues.apache.org/jira/browse/JCR-2910
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Thomas Mueller
>            Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation 
> is problematic for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession 
> interface, so the code above would be:
> ((JackrabbitSession) session).isAdmin()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to