[ https://issues.apache.org/jira/browse/OAK-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730703#comment-13730703 ]
angela edited comment on OAK-942 at 8/8/13 2:40 PM: ---------------------------------------------------- h4. 1. Characteristics of the Default Implementation h5. General h5. JCR API h6. Session#hasPermission and #checkPermission Since OAK the permission related API calls not only allow to pass the action strings defined by JCR specification (see constants defined in {{Session.java}}) but also handles the names of the permission defined by OAK (see {{Permissions#getString(long permissions)}}). h5. Mapping of JCR Actions to Permissions _TODO_ h5. Permissions The set of permissions supported by OAK are listed in Permissions [0]. The following changes have been compared compared to Jackrabbit 2.x: * READ_NODE: permission to read a node * READ_PROPERTY: permission to read a property * ADD_PROPERTY: permission to create a new property * MODIFY_PROPERTY: permission to change an existing property * REMOVE: aggregation of REMOVE_NODE and REMOVE_PROPERTY * USER_MANAGEMENT: permission to execute user management related tasks such as e.g. creating or removing user/group, changing user password and editing group membership. The following permissions are now an aggregation of new permissions: * READ: aggregates READ_NODE and READ_PROPERTY * SET_PROPERTY: aggregates ADD_PROPERTY, MODIFY_PROPERTY and REMOVE_PROPERTY h5. Permission Evaluation h6. Reading h6. Property Modification h6. Node Removal h6. Version Management h6. User Management h5. Administrative Principals h4. 2. Node Types _TODO_ {code} /** * @since oak 1.0 */ [rep:PermissionStore] orderable + * (rep:PermissionStore) = rep:PermissionStore protected IGNORE + * (rep:Permissions) = rep:Permissions protected IGNORE /** * @since oak 1.0 */ [rep:Permissions] - * (UNDEFINED) protected - * (UNDEFINED) protected multiple + * (rep:Permissions) = rep:Permissions protected IGNORE {code} {code} /** * @since oak 1.0 */ [rep:VersionablePaths] mixin - * (PATH) protected ABORT {code} h4. 3. API Extensions org.apache.jackrabbit.oak.spi.security.authorization.permission - {{PermissionProvider}}: - {{Permissions}}: - {{ReadStatus}}: _work in progress_ h4. 4. Configuration - AccessControlConfiguration#getPermissionProvider h4. 5 References [0] http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/Permissions.java was (Author: anchela): h4. 1. Characteristics of the Default Implementation h5. General h5. JCR API h6. Session#hasPermission and #checkPermission Since OAK the permission related API calls not only allow to pass the action strings defined by JCR specification (see constants defined in {{Session.java}}) but also handles the names of the permission defined by OAK (see {{Permissions#getString(long permissions)}}). h5. Mapping of JCR Actions to Permissions _TODO_ h5. Permissions The set of permissions supported by OAK are listed in Permissions [0]. The following changes have been compared compared to Jackrabbit 2.x: * READ_NODE: permission to read a node * READ_PROPERTY: permission to read a property * ADD_PROPERTY: permission to create a new property * MODIFY_PROPERTY: permission to change an existing property * REMOVE: aggregation of REMOVE_NODE and REMOVE_PROPERTY * USER_MANAGEMENT: permission to execute user management related tasks such as e.g. creating or removing user/group, changing user password and editing group membership. The following permissions are now an aggregation of new permissions: * READ: aggregates READ_NODE and READ_PROPERTY * SET_PROPERTY: aggregates ADD_PROPERTY, MODIFY_PROPERTY and REMOVE_PROPERTY h5. Permission Evaluation h6. Reading h6. Property Modification h6. Node Removal h6. Version Management h6. User Management h5. Administrative Principals h4. 2. Node Types _TODO_ {code} /** * @since oak 1.0 */ [rep:PermissionStore] orderable + * (rep:PermissionStore) = rep:PermissionStore protected IGNORE + * (rep:Permissions) = rep:Permissions protected IGNORE /** * @since oak 1.0 */ [rep:Permissions] - * (UNDEFINED) protected - * (UNDEFINED) protected multiple + * (rep:Permissions) = rep:Permissions protected IGNORE {code} h4. 3. API Extensions org.apache.jackrabbit.oak.spi.security.authorization.permission - {{PermissionProvider}}: - {{Permissions}}: - {{ReadStatus}}: _work in progress_ h4. 4. Configuration - AccessControlConfiguration#getPermissionProvider h4. 5 References [0] http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/Permissions.java > Permissions: Document changes wrt Jackrabbit > -------------------------------------------- > > Key: OAK-942 > URL: https://issues.apache.org/jira/browse/OAK-942 > Project: Jackrabbit Oak > Issue Type: Sub-task > Components: doc > Reporter: angela > Assignee: angela > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira