Hi Bertrand,
Am 19.09.12 08:49, schrieb Bertrand Delacretaz:
Hi Sandro,
On Sun, Sep 16, 2012 at 8:41 PM, Sandro Boehme <[email protected]> wrote:
...The security is based on paths. Is there any other security mechanism that
is based on the HTTP method, resource types, selector, suffix or extension?...
The idea is to delegate security entirely to the underlying JCR
repository, so no that doesn't take these things into account, you
usually have to design your security model based on the *effects*
(like POST potentially modifying content) of those things on the
content.
If you need more indirect permissions you can use additional nodes to
define what users can do - assuming you have an email sending service
for example, it could refuse to send mail if the current user cannot
read the /etc/permissions/sendmail node.
-Bertrand
thanks. Its an interesting idea to model the permissions this way.
Best,
Sandro
