We partially agree :).

1. Some code needs to find out whether executing an operation called /foo/something/somesubtask is authorized
2. That code calls an authorization service, something like svc.checkPermission(Principal principal, Operation op)
3. That service checks if the operation’s execution is protected, by first checking with a privileged session if the operation is defined at /sling/operations/<operation_name>
4. If the operation’s execution is protected, the service proceeds to check if the Principal is allowed to execute the Operation by attempting to read the operation’s type at /sling/operations/<op_type> (ACL / CUG protected); if the Principal doesn’t have access the service would throw an exception
5. If the operation’s execution is not protected proceed like before

> On 27 Jun 2018, at 12:38, Bertrand Delacretaz <[email protected]> wrote:
>
> That's possible - let me describe the execution scenario in my case
> and see if that matches what you suggest:
>
> 1. Some code needs to find out whether executing an operation called
> /foo/something/somesubtask is authorized
>
> 2. That code calls an authorization service, something like
> svc.checkPermission(ResourceProvider RP, "/foo/something/somesubtask")
>
> 3. That service adds a configurable path prefix to the operation name,
> ends up with /libs/sling/permissions/foo/something/somesubtask for
> example
>
> 4. That service checks if RP has access to the Resource at that new path
>
> 5. If not, checkPermission throws an exception
>
> Is that what you meant? If yes we agree ;-)
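The five-step check from the reply at the top of this message, modelled as an added example that is not code from the thread or from Sling. Assumptions: an in-memory map stands in for the repository and its ACLs, plain strings stand in for Principal and Operation, and the operation's definition node and its ACL-protected node are the same path under /sling/operations.

```java
import java.util.Map;
import java.util.Set;

public class OperationAuthorizationSketch {
    static final String ROOT = "/sling/operations";

    // Constructed stand-in for the repository: node path -> principals allowed to read it.
    static final Map<String, Set<String>> NODES = Map.of(
        ROOT + "/foo/something/somesubtask", Set.of("alice"));

    // Step 3: a privileged session sees every node, whatever its ACL says.
    static boolean definedForPrivilegedSession(String path) {
        return NODES.containsKey(path);
    }

    // Step 4: the principal's own view; the node is readable only if the ACL lists them.
    static boolean readableBy(String principal, String path) {
        return NODES.getOrDefault(path, Set.of()).contains(principal);
    }

    static void checkPermission(String principal, String operation) {
        String path = ROOT + operation;
        if (!definedForPrivilegedSession(path)) {
            // Step 5: no definition node means "not protected", so the call is allowed.
            // A misspelled or never-registered operation name also takes this branch.
            return;
        }
        if (!readableBy(principal, path)) {
            throw new SecurityException(principal + " may not execute " + operation);
        }
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"alice", "/foo/something/somesubtask"}, // protected, in ACL  -> allowed
            {"bob", "/foo/something/somesubtask"},   // protected, no ACL  -> denied
            {"bob", "/foo/other"}};                  // not defined        -> allowed
        for (String[] c : cases) {
            try {
                checkPermission(c[0], c[1]);
                System.out.println(c[0] + " " + c[1] + " -> allowed");
            } catch (SecurityException e) {
                System.out.println(c[0] + " " + c[1] + " -> denied");
            }
        }
    }
}
```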
