[jira] [Updated] (SLING-10906) Implement ResourceAccessSecurity.can...Value()

Wed, 03 Nov 2021 11:16:07 -0700 


     [ 
https://issues.apache.org/jira/browse/SLING-10906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated SLING-10906:
------------------------------------
    Description: 
Currently all methods:

# {{canReadValue}}
# {{canSetValue}} and
# {{canDeleteValue}}

always return {{false}} in {{ResourceAccessSecurityImpl}}. Although those 
methods are not used from the resource resolver or any resource provider they 
should be implemented based on information from the {{ResourceAccessGate}}.

At the same time the canCreate...Value(s) methods in the {{ResourceAccessGate}} 
need to be deprecated as there is no dedicated create method for a property in 
Sling Resource API (both creation and update use the same mechanism).
The {{canReadValue}} must also be evaluated before inside 
{{ResourceAccessSecurityImpl.getReadableResource()}} to only expose a subset of 
properties.

  was:
Currently all methods:

# {{canReadValue}}
# {{canSetValue}} and
# {{canDeleteValue}}

always return {{false}} in {{ResourceAccessSecurityImpl}}. Although those 
methods are not used from the resource resolver or any resource provider they 
should be implemented based on information from the {{ResourceAccessGate}}.

At the same time the canCreate...Value(s) methods in the {{ResourceAccessGate}} 
need to be deprecated as there is no dedicated create method for a property in 
Sling Resource API (both creation and update use the same mechanism).


> Implement ResourceAccessSecurity.can...Value() 
> -----------------------------------------------
>
>                 Key: SLING-10906
>                 URL: https://issues.apache.org/jira/browse/SLING-10906
>             Project: Sling
>          Issue Type: Improvement
>          Components: Resource Access Security
>    Affects Versions: Resource Access Security 1.0.0
>            Reporter: Konrad Windszus
>            Priority: Major
>
> Currently all methods:
> # {{canReadValue}}
> # {{canSetValue}} and
> # {{canDeleteValue}}
> always return {{false}} in {{ResourceAccessSecurityImpl}}. Although those 
> methods are not used from the resource resolver or any resource provider they 
> should be implemented based on information from the {{ResourceAccessGate}}.
> At the same time the canCreate...Value(s) methods in the 
> {{ResourceAccessGate}} need to be deprecated as there is no dedicated create 
> method for a property in Sling Resource API (both creation and update use the 
> same mechanism).
> The {{canReadValue}} must also be evaluated before inside 
> {{ResourceAccessSecurityImpl.getReadableResource()}} to only expose a subset 
> of properties.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to