On Nov 16, 2007 9:29 PM, Felix Meschberger <[EMAIL PROTECTED]> wrote:
> Am Freitag, den 16.11.2007, 11:22 -0500 schrieb Bertrand Delacretaz: > > ...Maybe make the > > default servlet available in the SlingRequest, or some of its methods > > to help with that.... > > I would not do that, this would violate different good behaviours :-) > > Rather I would separate the frontend task of analyzing the input and > writing the output from the backend task of acting upon the input and > preparing the output. This way, the backend operation may be re-used... Sounds good, we could expose the "clever" behavior of the default servlets as a collection of utilities that script can call. > ...Of course we might reach a point, were the functionality of microsling > is at an end and real-world applications should turn towards the > real-sling which is much more open to extension etc... Sure. But with microsling we have a unique opportunity to make JCR more accessible, by making most of its features scriptable. > > ...I was actually thinking about making JCR observers scriptable as well. > > This is in fact a very interesting extension. Still I would strongly > suggest to not implement this in microsling but in Sling.... Why? Repository events are a very important differentiator of JCR as compared to other content storage mechanisms, so I don't see why this shouldn't be in microsling. As I said above, on top of being an entry point to Sling, microsling can also be an entry point for JCR, to help people discover it in an easy to use scriptable environment. >... In addition, I > wonder whether such observers would have access to the repository and > what access rights these scripts would have ? And further on, who would > be allowed to put scripts there ?... Good questions, and not easy to answer ;-) For microsling, I'd suggest initially running these scripts as the admin user, with full access to the repository, to make things easy, event if that's unsafe. Or use a hardcoded (or defined by a system property) "event script username", and let people give it the required access rights. In a unixish system, such scripts would run under the identity of their user owner, but I don't think we have such a concept in JCR, do we? Sling might allow the username that runs event scripts to be configurable, but we might need to study this issue in more detail. -Bertrand
