Hi Alex > - I think ACLs that handle modification of properties is part of the > JCR 2.0 standard (but could be wrong here) > - if not, you should think about changing your content model - ACLs > are a main driver for it (see rule 2 in [1])
JCR 1.0 includes the "set_property" permission, and I've implemented a custom AccessManager so can control access to this level. The problem I have with properties is that I want the user to have write permission when connected through my web application, but more limited permissions when connected through WebDAV. However, it is only possible to have a single AccessManager configured per repository. It's apparently possible to hide items in WebDAV by filtering on namespace (eg "rep:") or node types, but I have not had success with this and it's specified to only affect display and not access. > - BTW, have you looked at Apache Sling [2]? It should reduce your > effort to build a custom REST interface on top of JCR I looked at Sling briefly, but I've found the REST side of things pretty easy-going just using the Jersey JAX-RS implementation. It wasn't clear to me what Sling's benefits were from examples on the website, and I have complete control over the details by coding my own! Later Charlie
