Author: angela
Date: Tue Nov 22 07:38:14 2016
New Revision: 1770806
URL: http://svn.apache.org/viewvc?rev=1770806&view=rev
Log:
minor improvement: security documentation
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/overview.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/permissionsandprivileges.md
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/overview.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/overview.md?rev=1770806&r1=1770805&r2=1770806&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/overview.md
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/overview.md Tue Nov
22 07:38:14 2016
@@ -54,6 +54,7 @@ The Oak Security Layer
#### Permissions
* [Overview](permission.html)
+ * [Permissions vs Privileges](permission/permissionsandprivileges.html)
* [Differences wrt Jackrabbit 2.x](permission/differences.html)
* [Permissions : The Default Implementation](permission/default.html)
* [Permission Evaluation in Detail](permission/evaluation.html)
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md?rev=1770806&r1=1770805&r2=1770806&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md Tue
Nov 22 07:38:14 2016
@@ -19,7 +19,7 @@ Permissions
--------------------------------------------------------------------------------
<a href="jcr_api"/>
-### JCR API
+### JCR and Jackrabbit API
While access control management is a optional feature, a JCR implementation is
required to support the basic permission checking. The basic requirements for
@@ -33,6 +33,7 @@ The methods defined to check permissions
- `Session#hasPermission(String absPath, String actions)`
- `Session#checkPermission(String absPath, String actions)`
+- `JackrabbitSession.hasPermission(String absPath, @Nonnull String...
actions)` (since Jackrabbit API 2.11.0 and Oak 1.4)
The actions are expected to be a comma separated list of any of the following
string constants:
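Review bot: the added `JackrabbitSession.hasPermission(String absPath, @Nonnull String... actions)` entry takes a string array, but the unchanged sentence right after the list still says the actions are "a comma separated list", which only describes the two `Session` methods. Suggest extending that sentence to cover the varargs form, and writing the new entry as `JackrabbitSession#hasPermission(...)` to match the `Session#` notation of the two entries above it.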
@@ -41,6 +42,19 @@ The actions are expected to be a comma s
- `Session.ACTION_REMOVE`
- `Session.ACTION_SET_PROPERTY`
+And defined by Jackrabbit API the following additional actions (since
Jackrabbit API 2.11.0):
+
+- `JackrabbitSession.ACTION_ADD_PROPERTY`
+- `JackrabbitSession.ACTION_MODIFY_PROPERTY`
+- `JackrabbitSession.ACTION_REMOVE_PROPERTY`
+- `JackrabbitSession.ACTION_REMOVE_NODE`
+- `JackrabbitSession.ACTION_NODE_TYPE_MANAGEMENT`
+- `JackrabbitSession.ACTION_VERSIONING`
+- `JackrabbitSession.ACTION_LOCKING`
+- `JackrabbitSession.ACTION_READ_ACCESS_CONTROL`
+- `JackrabbitSession.ACTION_MODIFY_ACCESS_CONTROL`
+- `JackrabbitSession.ACTION_USER_MANAGEMENT`
+
**Note**: As of Oak 1.0 the these methods also handle the names of the
permissions
defined by Oak (see `Permissions#getString(long permissions)`).
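Review bot: the added lead-in "And defined by Jackrabbit API the following additional actions" reads awkwardly and does not say which of the methods listed above accept these constants. Suggest "The Jackrabbit API defines the following additional actions (since Jackrabbit API 2.11.0):" and stating whether they apply to the `Session` methods as well or only to `JackrabbitSession.hasPermission`. The unchanged note just below also carries a typo ("the these methods") that could be fixed in the same commit.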
@@ -48,7 +62,7 @@ See also section [Permissions vs Privile
a comparison of these permission checks and testing privileges on the
`AccessControlManager`.
##### Examples
-###### Test if session has permission to add a new node
+###### Test if session has permission to add a new node (JCR API)
Important: `absPath` refers to the node to be created
@@ -58,7 +72,15 @@ Important: `absPath` refers to the node
session.save();
}
-###### Test if session has permission to perform version operations
+###### Test if session has permission to perform version and lock operations
(Jackrabbit API)
+
+ Node content = jrSession.getNode("/content");
+ if (jrSession.hasPermission("/content",
JackrabbitSession.ACTION_VERSIONING, JackrabbitSession.ACTION_LOCKING))) {
+ content.checkin();
+ session.save();
+ }
+
+###### Test if session has permission to perform version operations (Oak SPI)
Node content = session.getNode("/content");
if (session.hasPermission("/content",
Permissions.getString(Permissions.VERSION_MANAGEMENT))) {
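Review bot: the added Jackrabbit API example does not compile as written: `JackrabbitSession.ACTION_LOCKING))) {` has one closing parenthesis too many, since only `if (` and `hasPermission(` are open at that point. It also reads the node and checks the permission through `jrSession` but then calls `session.save()`; use one variable throughout. The heading promises version and lock operations and the check covers both actions, yet the body only calls `content.checkin()`, so either add a lock call or narrow the heading.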
@@ -155,6 +177,50 @@ Not used in Oak 1.0:
- regular properties: `Permissions.MODIFY_PROPERTY`
- non-existing properties: `Permissions.ADD_PROPERTY`
+`ACTION_ADD_PROPERTY`:
+
+- access control content: `Permissions.MODIFY_ACCESS_CONTROL`
+- other properties: `Permissions.ADD_PROPERTY`
+
+`ACTION_MODIFY_PROPERTY`:
+
+- access control content: `Permissions.MODIFY_ACCESS_CONTROL`
+- other properties: `Permissions.MODIFY_PROPERTY`
+
+`ACTION_REMOVE_PROPERTY`:
+
+- access control content: `Permissions.MODIFY_ACCESS_CONTROL`
+- other properties: `Permissions.REMOVE_PROPERTY`
+
+`ACTION_REMOVE_NODE`:
+
+- access control content: `Permissions.MODIFY_ACCESS_CONTROL`
+- regular nodes: `Permissions.REMOVE_NODE`
+
+`ACTION_NODE_TYPE_MANAGEMENT`
+
+- `Permissions.NODE_TYPE_MANAGEMENT`
+
+`ACTION_VERSIONING`
+
+- `Permissions.VERSION_MANAGEMENT`
+
+`ACTION_LOCKING`
+
+- `Permissions.LOCK_MANAGEMENT`
+
+`ACTION_READ_ACCESS_CONTROL`
+
+- `Permissions.READ_ACCESS_CONTROL`
+
+`ACTION_MODIFY_ACCESS_CONTROL`
+
+- `Permissions.MODIFY_ACCESS_CONTROL`
+
+`ACTION_USER_MANAGEMENT`
+
+- `Permissions.USER_MANAGEMENT`
+
#### Permissions for Different Operations
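Review bot: the first four added entries end the action name with a colon (`ACTION_ADD_PROPERTY`:) while the six from `ACTION_NODE_TYPE_MANAGEMENT` onward do not; pick one form for the whole list. The names are also unqualified here, whereas the list added earlier in this file writes them as `JackrabbitSession.ACTION_*`; qualifying them, or adding a sub-heading saying these are the Jackrabbit API actions, would keep readers from confusing them with the `Session` actions mapped just above.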
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/permissionsandprivileges.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/permissionsandprivileges.md?rev=1770806&r1=1770805&r2=1770806&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/permissionsandprivileges.md
(original)
+++
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/permissionsandprivileges.md
Tue Nov 22 07:38:14 2016
@@ -51,23 +51,8 @@ Where
- `actions` defines a comma-separated string (or string array respectively) of
the actions defined on `Session` and `JackrabbitSession` (see below).
With the default implementation also Oak internal permission names are
allowed ( _Note:_ permission names != privilege names)
-#### Supported Actions
-
-- `Session.ACTION_READ`
-- `Session.ACTION_ADD_NODE`
-- `Session.ACTION_SET_PROPERTY`
-- `Session.ACTION_REMOVE`
-
-- `JackrabbitSession.ACTION_ADD_PROPERTY`
-- `JackrabbitSession.ACTION_MODIFY_PROPERTY`
-- `JackrabbitSession.ACTION_REMOVE_PROPERTY`
-- `JackrabbitSession.ACTION_REMOVE_NODE`
-- `JackrabbitSession.ACTION_NODE_TYPE_MANAGEMENT`
-- `JackrabbitSession.ACTION_VERSIONING`
-- `JackrabbitSession.ACTION_LOCKING`
-- `JackrabbitSession.ACTION_READ_ACCESS_CONTROL`
-- `JackrabbitSession.ACTION_MODIFY_ACCESS_CONTROL`
-- `JackrabbitSession.ACTION_USER_MANAGEMENT`
+See section [Permissions](../permission.html#oak_permissions) for a
comprehensive
+list and the mapping from actions to permissions.
#### Characteristics
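Review bot: with the "Supported Actions" list removed, the "(see below)" in the unchanged `actions` bullet no longer has a list to point to; reword it to refer to the Permissions page. The new link also depends on an `oak_permissions` anchor in permission.md that this commit does not show. The one anchor visible there is written `<a href="jcr_api"/>`, with `href` rather than `name` or `id`, so check that the fragment actually resolves in the generated site.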