Hi,

I finally managed to get the "set permissions to creator" part working.
Find the (for most of you probably obvious) code further down.

I still can't get the following done:
Getting these permanent-and-never-can-be-undone READ-GRANTs for group
"Everyone" out of the repository. As you say, Ian, I can't deny a
permission once it has been set. But I never set it. It is Sling doing
it somewhere and I can't find out where. I would like to get rid of that
part of Sling, where it grants read access to Everyone and write access
to everyone logged in... Where is that set?

I can't find it in PluggableDefaultAccessManager, e.g., whereas I could
find something like that in the Jackrabbit source in
SimpleAccessManager. But those bits are not used by Sling (apparently).

If I could just recreate an empty repository without this annoying
never-can-be-undone group-permission set, I would be fine. Can anyone
advise me how this is accomplished?

It might also have something to do with that EveryonePrincipal. But in
my source code browsing I couldn't find the link between my problem
and this Java class.

Thanks a lot for your help again.
thosten

Following is my code inside the SlingPostProcessor implementation to
create an AC entry for the current user, who created the new node:

    // Get the access control manager for the current session.
    AccessControlManager accessController =
            AccessControlUtil.getAccessControlManager(session);

    // Pick the first applicable policy that is an access control list.
    AccessControlPolicyIterator applicablePolicies =
            accessController.getApplicablePolicies(currentNode.getPath());
    AccessControlList acl = null;
    while (applicablePolicies.hasNext()) {
        AccessControlPolicy policy =
                applicablePolicies.nextAccessControlPolicy();
        if (policy instanceof AccessControlList) {
            acl = (AccessControlList) policy;
            break;
        }
    }
    // No ACL can be applied to this node: nothing to do.
    if (acl == null) {
        return;
    }

    Privilege[] supportedPrivileges =
            accessController.getSupportedPrivileges(currentNode.getPath());

    // grant ALL supported privileges to creator
    // (authorizable is the creating user's Authorizable, looked up
    // elsewhere; that lookup is not shown here)
    Principal principal = authorizable.getPrincipal();
    acl.addAccessControlEntry(principal, supportedPrivileges);
    accessController.setPolicy(currentNode.getPath(), acl);