On 25 Oct 2009, at 13:01, thorsten zerha wrote:
> Hi,
> I'm sorry to annoy you with my problem in this list as well (I
> posted this question in the -users list already, nobody replied),
> but maybe I expressed myself a bit unclearly and also, I have the feeling,
> the -dev list is frequented by many more people.
> I'm trying to get the following done:
> A newly created content node should only be accessible (including
> read-permissions) by its creator. That doesn't seem to be Sling's
> default setting.
> I couldn't find any suitable documentation or sample code on how this
> is done. Do I have to implement my own PluggableDefaultAccessManager
> or AccessManagerPluginFactory? The former doesn't come with much
> explanation in the source code. Any further hints?
> Or could this be done with the existing AM, adding some
> AccessControlUtil.addEntry in a SlingPostProcessor?
Hi,
Sorry for not responding earlier; sometimes posts scroll past and don't
get caught, so waiting a week and asking again is (IMHO) the right
thing to do.
There are several options.
1. As you have mentioned, implement a PluggableDefaultAccessManager or
AccessManagerPluginFactory, though doing either of these is likely to
result in either a lot of work or losing Jackrabbit's excellent
DefaultAccessManager implementation.
2. Adding a Sling Post Processor to add an ACL for the node on
creation allowing the user who created the node permissions is
probably the simplest and most direct. This has one caveat, that all
node creation happens through Sling and there are no custom servlets
that create nodes without putting the correct ACLs on.
3. Patching the DefaultAccessManager to have dynamic principals driven
by node properties. This is the route I have taken, but my use case is
much wider than owner write. The big negative of this approach is I
need a custom Sling jcr server bundle which is a real pain to maintain.
Ian
> thanks for any hints.
> thorsten