I usually just do my own access check inside each script that is updating
something using the PrivilegesInfo class (see [1]).
For example, something like this:
<%
// Check the current user's privileges on the node before rendering anything.
var privilegesInfo = new Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo();
if (!privilegesInfo.canModifyProperties(currentNode)) {
    // not allowed, so respond that this page doesn't exist for the current user
    response.sendError(404);
} else {
%>
TODO: render your page here.
<%
} /* end else */
%>
[1] http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.html
On Sun, Sep 16, 2012 at 11:41 AM, Sandro Boehme <[email protected]> wrote:
> Hello,
>
> I understand that I can deny jcr:all for /apps and also for a script path
> that is mounted from a bundle via
> <Sling-Initial-Content>folder/in/bundle;overwrite:=true;path:=/folder/in/resource/tree</Sling-Initial-Content>.
> After that the user will not see the scripts anymore. But if they are
> called to render a resource they are still executed. Is there a way to have
> something like jcr:execute to specify which users are allowed to execute the
> scripts?
>
> Best,
>
> Sandro
>