Martin, 3 comments:

1. The Graffito Lock Service is not yet implemented.
2. Permission management is based on JAAS. Permissions depend on a Principal, a URI pattern and a permission type (view, edit, ...).
3. The Subject info is coming from the portal request. CmsRequestContextManager.getCurrentCmsRequestContext().

You can define the following security rules in the Graffito db (table SECURITY_PERMISSION). See the OJB implementation to get more info on how the engine checks the permissions (org.apache.portals.graffito.store.impl.ojb.GraffitoOJBStore.java).

Here are some permission examples:

1. 'Admin group' '/graffito/-' 'all' : The admin group has all permissions on path /graffito and its children (content & subfolders).
2. 'User john' '/graffito/afolder/adocument' "view" : The user john can only view the document '/graffito/afolder/adocument'.
3. 'Guest group', '/graffito/public/*' "view" : The group guest can view all documents in the /graffito/public folder (but not in the subfolders).

We have only a limited number of permissions (view, edit, lock, unlock, delete, insert, update). I would like to refactor the permissions management to have the flexibility to add new ones. All ideas are welcome.

Christophe

2005/8/26, Martin Koci <[EMAIL PROTECTED]>:
> How to identify the user who performs an action, for example imports a new
> document?
>
> For example: JCR defines interface javax.jcr.Session; usual way
> elsewhere is User object passed as method parameter or simple String
> userId as parameter; HttpSession is used in Servlet environment.
>
> Such identification must exist for locking service - My idea is to
> obtain an exception "URI (node) locked by user Martin" or something like
> that.
>
> Thanks,
>
> Martin
>
> --
> Mgr. Martin Kočí
> ---------------------------------
> AURA, s.r.o.
> Úvoz 499/56; 602 00 Brno
> ISO 9001 certified company
> tel./fax: +420 5 43 24 51 11
> e-mail: [EMAIL PROTECTED]
> internet: http://www.aura.cz
> http://www.j2ee.cz
> ---------------------------------
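
The three rule shapes from the reply above (exact path, '/*' for direct children, '/-' for the folder and its whole subtree), written out as an added Java example with a default-deny check. It is not part of the original thread and is not the GraffitoOJBStore code; the class name, the Rule record, the use of plain strings for principals and the canonical-path check are assumptions made for illustration.

```java
import java.util.List;

public class PermissionCheckExample {                 // hypothetical class, Java 16+
    record Rule(String principal, String pattern, String type) {}

    // Constructed rows mirroring the three examples in the message.
    static final List<Rule> RULES = List.of(
        new Rule("Admin group", "/graffito/-", "all"),
        new Rule("User john", "/graffito/afolder/adocument", "view"),
        new Rule("Guest group", "/graffito/public/*", "view"));

    // Assumption: "", "." and ".." segments are refused before matching, so
    // "/graffito/public/.." cannot pass as a direct child of the public folder.
    static boolean isCanonical(String uri) {
        if (!uri.startsWith("/")) return false;
        for (String seg : uri.substring(1).split("/", -1)) {
            if (seg.isEmpty() || seg.equals(".") || seg.equals("..")) return false;
        }
        return true;
    }

    static boolean uriMatches(String pattern, String uri) {
        if (pattern.endsWith("/-")) {                 // the folder and its whole subtree
            String folder = pattern.substring(0, pattern.length() - 2);
            return uri.equals(folder) || uri.startsWith(folder + "/");
        }
        if (pattern.endsWith("/*")) {                 // direct children only
            String prefix = pattern.substring(0, pattern.length() - 1);
            return uri.length() > prefix.length() && uri.startsWith(prefix)
                && uri.indexOf('/', prefix.length()) < 0;
        }
        return pattern.equals(uri);                   // exact path
    }

    // Default deny: some rule held by the caller must match both URI and action.
    static boolean isAllowed(List<String> principals, String uri, String action) {
        return isCanonical(uri) && RULES.stream().anyMatch(r ->
            principals.contains(r.principal())
            && (r.type().equals("all") || r.type().equals(action))
            && uriMatches(r.pattern(), uri));
    }

    public static void main(String[] args) {
        List<String> guest = List.of("Guest group");
        System.out.println(isAllowed(guest, "/graffito/public/doc", "view"));
        System.out.println(isAllowed(guest, "/graffito/public/sub/doc", "view"));
        System.out.println(isAllowed(guest, "/graffito/public/..", "view"));
        System.out.println(isAllowed(List.of("Admin group"), "/graffito/a/b", "delete"));
    }
}
```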
