I would say yes, you can do both :) ResourceAccessGate has different permissions, one of them is execute. So if we base the solution on that, you can still browse the tree. The implementation of a RAG can do whatever it wants, so it can read permissions from somewhere.
But maybe I'm overlooking something: when it comes to reading/executing a script, atm a service user is used for that, not the current user. That's to avoid opening up the search paths for everyone to read. So I think there are more loose ends here.

Regards
Carsten

Jason E Bailey wrote
> I'm beginning to think that there are two different mental models that people
> who work with Sling take on. One is an OSGi model, where a solution can be
> achieved via a Service and the creation and configuration of that service(s).
> The other is a resource centric model where everything must be exposed as a
> resource, and be configurable by changing properties on a resource.
>
> From a resource pov the ResourceAccessGate is difficult and potentially fails
> because I can't go through the resource tree and see what is and isn't
> protected on the tree itself, nor can I configure a ResourceAccessGate by
> defining permissions on a node.
>
> --
> Jason
>
> On Thu, Oct 4, 2018, at 11:15 AM, Carsten Ziegeler wrote:
>> Why is that? I think that's a bold statement.
>>
>> ResourceAccessGate has been developed (afaik) with this use case in mind.
>>
>> Carsten
>>
>>
>> Bertrand Delacretaz wrote
>>> Hi,
>>>
>>> On Thu, Oct 4, 2018 at 4:43 PM Julian Sedding <jsedd...@gmail.com> wrote:
>>>> ...I am still convinced that this issue could simply and
>>>> elegantly be solved with a ResourceAccessGate for both servlets and
>>>> scripts in a generic way...
>>>
>>> This would probably work but I think it's not intuitive at all, and as
>>> such error-prone.
>>>
>>> -Bertrand
>>>
>> --
>> Carsten Ziegeler
>> Adobe Research Switzerland
>> cziege...@apache.org

--
Carsten Ziegeler
Adobe Research Switzerland
cziege...@apache.org