Hi Jason, > On 3 Oct 2018, at 22:26, Jason E Bailey <j...@apache.org> wrote: > > On Wed, Oct 3, 2018, at 7:57 AM, Radu Cotescu wrote: > >> Servlets do create Sling resources, but that’s not applicable to scripts >> deployed in the search paths. > > Could you clarify that a bit for me. I'm under the impression that in Sling > everything is a resource, when does it not create a resource?
Sure. A servlet registration, like Justin mentioned on the referenced thread [0], creates a ResourceProvider mapped to a certain path - just check /system/console/status-jcrresolver and see the reported paths. Search path scripts, although at runtime generate Servlets (through adaptation), they will not generate a similar ResourceProvider like proper Servlets do. I guess what I wanted to say is that the behaviour regarding what gets generated for a resource type mapping is not consistent, hence why trying to work with what we already have would be difficult, since we’d have to secure the RP entries (which get created dynamically) and the scripts, but these resources would be all over the place. For now my suggestion is to create an isolated content tree where we’d define different kinds of permissions, where the sling:resourceType execution would be one of them. I wouldn’t expose any API for it, just make it an implementation detail of the Sling Engine. If we figure out we want more types of permissions we either extend the tree or we start creating an API to manage everything and maybe even delegate permission storage to other systems. Cheers, Radu
