Hello jackrabbit-dev. It looks like my previous post was missed, so I will try to ask my question again.
In Jackrabbit current implementation of access permissions (org.apache.jackrabbit.core.security) it is only possible to have "all permissions" (superuser) or "read-only" (anonymous) session. Is it planned to add more flexible permission system to Jackrabbit, so it will be possible to have different permissions for different nodes, for the single session. Another JCR question is not Jackrabbit specific. Consider an application which uses some JCR implementation and this application requires setting permissions for nodes on behalf of its users. As there is no API to set user permissions for nodes specified in JCR, which API should be used in such application? If, as JCR states, permission system is left up to implementation, then is such application forced to used some proprietary API to set permissions? Doesn't this compromise entirely a concept of "switching repository implementations" and avoiding vendor lock-in? Any comments on these two questions will be highly appreciated. Thank you. -- Best regards, Maxim. Anahoret Team.
