Hi I'm coming up with a new thread concerning the use of the new ResourceAccessSecurity service in implementations of ResourceProvider which do not have uderlaying ACLs.
My first thought was that each ResourceProvider without any ACLs should implement some lightweight access security through the use of the ResourceAccessSecurity service. The disadvantage of this approach is that every resource provider has to implement the same calls. We do have the implementation separated into the resourceaccesssecurity bundle but it's nevertheless quite an effort for the resource providers to actually use this service. To make this easier I propose that we insert a new service parameter for ResourceProviders, called "applyResourceAccessSecurity" (or similar). With this parameter set (which defaults to false) the calls to the ResourceAccessSecurity are made automatically through the ResourceResolver implementation. With this, it would be very easy for a resource provider to use the ResourceAccessSecurity service. And it would be as easy as setting a service parameter to implement it on FSResourceProvider, BundleResourceProvider, MongoDBResourceProvider and future providers without ACLs. WDYT? best regards Mike
