1. Re: JCR Authorization Approach RFC
rhauch Jun 18, 2009 3:07 PM (in response to bcarothers)
A few questions:
a) Does "set_property" include adding, setting and removing properties and property values?
b) Does "remove" apply to nodes? If so, should it be "remove_node" to better match "add_node"?
Some responses to your questions:
1) Probably, though we could add it when needed rather than preemptively do it.
2) Good question. Ideally they would only see the names of the workspaces that they can read. Is that possible/easy?
3) I think yes, so that we can support multiple repositories.
2. Re: JCR Authorization Approach RFC
medavid Jun 18, 2009 3:25 PM (in response to bcarothers)
1) Yes, I would prefer normal users who just read / write to not be able to alter permanent namespaces or types.
2) Always a difficult choice: show them what's in store or show them where they have access to. I prefer the first option, as in an application layer I'll be able to make that decision. But if the specifications say that a user should not be able to know if a node exists if he is not allowed to read it, I prefer the latter.
3) That would be nice. In my projects we work with multiple virtual repositories, so that would be nice indeed.
3. Re: JCR Authorization Approach RFC
jpav Jun 18, 2009 3:25 PM (in response to bcarothers)
My votes:
1) Yes, though this would be DNA-specific since JCR-170 doesn't appear to have the concept.
2) I would think not. Too bad JCR-170 doesn't have some type of "list" permission.
3) Yes
a) Not according to the spec. However, it's not clear that adding is covered by add_node either...
b) Strictly speaking, remove would apply to both nodes and properties. Regarding what it's called, this is defined by the spec.
Reading the spec, it defines some permissions, but doesn't seem to preclude the addition of other implementation-specific permissions, such as "list" or "add_property". Something to consider?
4. Re: JCR Authorization Approach RFC
bcarothers Jun 18, 2009 3:29 PM (in response to bcarothers)
A few questions:
a) Does "set_property" include adding, setting and removing properties and property values?
"set_property" is for adding and modifying property values. "remove" is for removing properties or nodes.
b) Does "remove" apply to nodes? If so, should it be "remove_node" to better match "add_node"?
"remove" is for removing any item. It's not how I would have done it, but it's per-spec.
Some responses to your questions:
1) Probably, though we could add it when needed rather than preemptively do it.
Works for me.
2) Good question. Ideally they would only see the names of the workspaces that they can read. Is that possible/easy?
Possible and pretty easy, I think.
3) I think yes, so that we can support multiple repositories.
Got it.
5. Re: JCR Authorization Approach RFC
jpav Jun 18, 2009 3:37 PM (in response to bcarothers)
Oh, yes, missed the parentheses in the spec for set_property. bcarothers, you're right, set_property does deal with add.