On 05/06/11 20:46, husbas wrote:
Being logged in a Admin, how can I check whether a user has access to a node
or not? something like
session.hasPermissions(String nodePath, String actions, String asUser);
This is a good question.
I achieved this a while ago - with Jackrabbit 1.5, in 2009 - by creating
a CustomAccessPolicy class with domain/application-specific methods like
canReadProject(String path), canCreateGroup(), etc. This class tested
each permission using javax.jcr.Session.checkPermission(String path,
String actions) for a user-specific session object instantiated for each
request.
In Jackrabbit 1.5 at least, you would write your own AccessManager by
implementing org.apache.jackrabbit.core.security.AccessManager. In my
case, this access manager looked at ordinary nodes/properties in the
workspace to decide permissions (eg checking whether
/users/joe.getUUID() in /projects/abc/@readers.getValues()).
My understanding is that there's some new, "native" support for users
and access management in JCR/Jackrabbit 2, so others on the list can
probably offer updated advice.
Later
Charlie
