Hi Bertrand, on friday Jukka, Simo and me quickly discussed this over the chat as Jukka had an idea on how to accomplish that with, if I recall correctly, a quite dynamic approach which didn't imply changing the already existing ACLs. Maybe Jukka and / or Simo had a chance to follow up on that.
Regards, Tommaso 2013/12/9 Bertrand Delacretaz <[email protected]> > Hi, > > Does Oak have an extension point where I can plugin my own dynamic ACL > logic? > > A typical use case is hiding a content subtree to some of the JCR > Sessions that are created, based on a decision done in my code at > session creation time, without having to change any actual ACLs. > > To avoid security issues, such a dynamic ACL should only be able to > deny permissions on top of what Oak grants, but not grant any by > itself. > > For now my goal is just to experiment with this, even if it's > inefficient or incomplete that would be useful. > > -Bertrand >
