Hi Radu, On Wed, Jun 27, 2018 at 12:11 PM Radu Cotescu <[email protected]> wrote: > ...I start having the impression that we both proposed the same concept, but > using a > different vocabulary...
That's possible - let me describe the execution scenario in my case and see if that matches what you suggest: 1. Some code needs to find out whether executing an operation called /foo/something/somesubtask is authorized 2. That code calls an authorization service, something like svc.checkPermission(ResourceProvider RP, "/foo/something/somesubtask") 3. That service adds a configurable path prefix to the operation name, ends up with /libs/sling/permissions/foo/something/somesubtask for example 4. That service checks if RP has access to the Resource at that new path 5. If not, checkPermission throws an exception Is that what you meant? If yes we agree ;-) -Bertrand
