Hi,

Does Oak have an extension point where I can plug in my own dynamic ACL logic?

A typical use case is hiding a content subtree from some of the JCR
Sessions that are created, based on a decision made in my code at
session creation time, without having to change any actual ACLs.

To avoid security issues, such a dynamic ACL should only be able to
deny permissions on top of what Oak grants, but not grant any by
itself.

For now my goal is just to experiment with this; even if it's
inefficient or incomplete, that would be useful.

-Bertrand
