Hi Jackrabbit community,

considering a setup with multiple workspaces for separated authoring and live content, what would be the most promising approach to model access control policies?

Given that a future Jackrabbit release will support JSR-283-like access control entries, I'd assign an entry to a node in the authoring workspace (simplifying the Java syntax and JCR API):

  accessControlMgr.addAccessControlEntry(
      "/site/anniversary", anniversaryAuthors, { "jcr:write" });

BTW, is the scope of an access control entry the item it is assigned to, or the whole subtree?

Now comes the tricky part. What if I have a structure like this:

  /site
    /anniversary
      /…
    /permanent
      /…

Let's assume that the /site/anniversary subtree is not live yet - it will be published on the day of the anniversary. I want to allow the anniversaryReviewers to publish anniversary content, but no permanent content. That means I'd have to assign the jcr:write privilege to a not-yet-existing node in the live workspace. Unfortunately, addAccessControlEntry() throws a PathNotFoundException if the node doesn't exist …

Tobias Bocanegra told me on [EMAIL PROTECTED] that (IIUC) the access control entries are not copied to the staging workspace if the staging node is updated, which makes perfect sense. I hope it will conform to the upcoming JSR-283 - I didn't find anything in the spec about this.

Thanks a lot in advance for any hints!

-- Andreas


--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
