On Wed, Nov 23, 2011 at 9:41 AM, Felix Meschberger <[email protected]> wrote:
> ...I suggest, we extend the Resource API as follows:
>
>   boolean ResourceResolver.hasPermission(String absPath, String action);
>   boolean ResourceProvider.hasPermission(String absPath, String action);
>
> ...
> In addition, we would define a set of actions useful in terms of Sling:
> create, read, update, delete (aka CRUD) plus (maybe) execute (for calling
> scripts and servlets)....

This sounds a lot like reinventing JCR...why not use the existing JCR AccessControlManager API then? See [1] and [2].

That API is only about String paths AFAICS, it defines a number of standard privilege names and allows for additional privilege names - so a non-JCR ResourceProvider could very well use it IMO.

I haven't looked at all the details but we can probably just define a new AccessControlManagerProvider API, that returns a JCR AccessControlManager, and the ResourceResolver would use it for ResourceProviders that implement it.

-Bertrand

[1] http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/AccessControlManager.html
[2] http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html
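
One way the `hasPermission(absPath, action)` check discussed in this thread could sit on top of the JCR 2.0 `AccessControlManager`, as an added example that is not code from the thread or from Sling. The class name and the action-to-privilege mapping are assumptions; `execute` has no standard JCR privilege, so it is denied here along with any unknown action.

```java
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;

/** Hypothetical helper: maps the CRUD action names to standard JCR privileges. */
public final class ActionPermissionCheck {

    private ActionPermissionCheck() {}

    public static boolean hasPermission(AccessControlManager acm, String absPath, String action)
            throws RepositoryException {
        if (acm == null || absPath == null || action == null || !absPath.startsWith("/")) {
            return false; // deny malformed requests
        }
        String parent = parentOf(absPath);
        try {
            switch (action) {
                case "read":
                    return has(acm, absPath, Privilege.JCR_READ);
                case "update":
                    return has(acm, absPath, Privilege.JCR_MODIFY_PROPERTIES);
                case "create":
                    // The target does not exist yet, so the check runs against the parent.
                    return parent != null && has(acm, parent, Privilege.JCR_ADD_CHILD_NODES);
                case "delete":
                    // Removal needs a privilege on the node and on its parent.
                    return parent != null
                        && has(acm, absPath, Privilege.JCR_REMOVE_NODE)
                        && has(acm, parent, Privilege.JCR_REMOVE_CHILD_NODES);
                default:
                    return false; // "execute" and unknown actions: deny by default
            }
        } catch (PathNotFoundException e) {
            // hasPrivileges throws this for a missing or unreadable node; treat as denied.
            return false;
        }
    }

    private static boolean has(AccessControlManager acm, String path, String privilegeName)
            throws RepositoryException {
        Privilege p = acm.privilegeFromName(privilegeName);
        return acm.hasPrivileges(path, new Privilege[] { p });
    }

    private static String parentOf(String absPath) {
        if (absPath.length() <= 1) return null; // the root node has no parent
        int idx = absPath.lastIndexOf('/');
        return idx == 0 ? "/" : absPath.substring(0, idx);
    }
}
```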
