[
https://issues.apache.org/jira/browse/SLING-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618121#comment-13618121
]
Mike Müller commented on SLING-2698:
------------------------------------
Okay, a made changes to the interface as discussed in [1] and commited it in
r1462804.
One point where I'm not really sure what's the best way is how we should
provide credentials in the SPI ResourceAccessGate.
By now we've got the ResourceResolver in the ResourceAccessSecurity interface
instead of the userid as String. In the ResourceAccessGate interface there
still is a userid as String. Should we provide here the ResourceResolver as
well or leave the userid?
If we provide the ResourceResolver, we only have to provide it in canCreate,
transformQuery and the has-methods, in all other methods we pass in a Resource
where we can retrieve the resource resolver from.
WDYT?
[1] http://markmail.org/thread/zfgalfiwbs7xua4s
> resource access security service for resource providers without backing ACLs
> ----------------------------------------------------------------------------
>
> Key: SLING-2698
> URL: https://issues.apache.org/jira/browse/SLING-2698
> Project: Sling
> Issue Type: New Feature
> Components: ResourceResolver
> Reporter: Mike Müller
> Assignee: Mike Müller
> Fix For: Resource Resolver 1.1.0
>
> Attachments: resource-resolver-wrapper.patch
>
>
> Adding a minmal resource access gate as discussed in [1].
> First step is to define the API interface and a minimal implementation which
> allows to define READ access (rest of CRUD can follow later)
> [1] http://markmail.org/thread/4ctczoiy533tquyl
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
