[
https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004112#comment-13004112
]
Tobias Bocanegra commented on JCR-2910:
---------------------------------------
i agree with jukka. Session.isAdmin() is not the correct way to enforce
security since it's not extendable. basically, all resources and services need
to be subject to access control. i'd rather add the respective policies like
(rep:backup) and check against them than a vague isAdmin() check.
> Please add JackrabbitSession.isAdmin()
> --------------------------------------
>
> Key: JCR-2910
> URL: https://issues.apache.org/jira/browse/JCR-2910
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Reporter: Thomas Mueller
> Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation
> is problematic for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession
> interface, so the code above would be:
> ((JackrabbitSession) session).isAdmin()
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
