[
https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261395#comment-13261395
]
Scott Gray commented on OFBIZ-4841:
-----------------------------------
Also to use your example Pierre, if a CRM user needed to access a certain
invoice/agreement then the content access control should allow it based on the
same permission checks use to allow access to view the invoice from the OFBiz
database. So if you can view the invoice then you should be able to view it's
representations in the content repo as well.
All of these things can be achieved by defining permission rules against nodes
which would them be inherited by descendent nodes.
e.g. to read the "/invoices/*" node we might define a permission check that
requires the user to either have the ACCOUNTING_VIEW, or otherwise be a party
to the invoice (perhaps a representative of the from/to party). All child
nodes of invoice would then inherit this check, such as "/invoices/1000123/pdf".
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its
> own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
