hi husain
> I am trying to use Principal based ACL but am not getting a clear idea of
> how the restrictions work.
> For example, if I want to allow a newly created user / group to access the
> workspace, how do I do it (I have removed Everyone ACE with full read
> access)?
since the principal-based acls are not stored with the resource
you have to specify the target node's path as restriction. the
restrictions allowed/mandated by the ACL are:
----------------------------------------------------
restr.name   |           | value type
----------------------------------------------------
rep:nodePath | mandatory | PATH
rep:glob     | optional  | STRING
----------------------------------------------------
in other words: you always have to define a restriction map containing
at least a rep:nodePath + PATH-value entry when creating a new ACE.
see also JackrabbitAccessControlList#addEntry(Principal principal,
Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions)
hope that helps.
regards
angela