[jira] Commented: (JCR-2910) Please add JackrabbitSession.isAdmin()

Wed, 09 Mar 2011 01:21:27 -0800 

    [ 
https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004430#comment-13004430
 ] 

Thomas Mueller commented on JCR-2910:
-------------------------------------

> .isAdmin() is not the correct way to enforce security.

So please add a new issue: remove User.isAdmin(). Personally, I believe 
isAdmin() is a good concept, because it's simple and easy to understand. There 
is a good reason why all operating systems support it.

> if we later decided to extend backup rights

Such statements are a clear sign over "YAGNI": 
http://en.wikipedia.org/wiki/You_ain%27t_gonna_need_it

The main problem with the "what if" statements is that they don't reflect 
reality. If nobody ever requested the feature so far, then there is most likely 
no need for it in the future. Adding features "in advance" just because 
"somebody might (!) want it in the future" is a well known time waster. If we 
really add the feature in the future, then the easiest solution is to change it 
at that time.

I believe in "make things as simple as possible". Artificially adding 
complexity doesn't help anybody. 

It's just wasting time.


> Please add JackrabbitSession.isAdmin()
> --------------------------------------
>
>                 Key: JCR-2910
>                 URL: https://issues.apache.org/jira/browse/JCR-2910
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Thomas Mueller
>            Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation 
> is problematic for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession 
> interface, so the code above would be:
> ((JackrabbitSession) session).isAdmin()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to