Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/05/20 14:06:02 UTC

svn commit: r1596220 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security: accesscontrol/editing.md permission.md

Author: angela
Date: Tue May 20 12:06:01 2014
New Revision: 1596220

URL: http://svn.apache.org/r1596220
Log:
OAK-301 : oak docu

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md?rev=1596220&r1=1596219&r2=1596220&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md Tue May 20 12:06:01 2014
@@ -22,10 +22,16 @@ Using the Access Control Management API
 
 #### Privilege Discovery
 
+Discover/test privileges for the editing session:
+
 - `AccessControlManager`
     - `hasPrivileges(String, Privilege[])`
     - `getPrivileges(String)`
 
+Discover/test privileges for a set of principal that may differ from those associated
+with the reading subject. Note that this method requires editing session to be
+able to have `READ_ACCESS_CONTROL` permission on the node associated with the specified
+path.
 
 - `JackrabbitAccessControlManager`
     - `hasPrivileges(String, Set<Principal>, Privilege[])`
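
Review bot: In the second added paragraph (the one above the `JackrabbitAccessControlManager` list), "a set of principal" should be "a set of principals", and "requires editing session to be able to have `READ_ACCESS_CONTROL` permission" reads better as "requires the editing session to have `READ_ACCESS_CONTROL` permission". The note says the permission is required but not how a missing permission surfaces to the caller; a short clause stating the resulting behaviour would make the requirement actionable for API consumers.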

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md?rev=1596220&r1=1596219&r2=1596220&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md Tue May 20 12:06:01 2014
@@ -329,6 +329,22 @@ Each per path store looks as follows
         }
     }
 
+###### Accessing the Permission Store
+
+It is important to understand that the permission store is a implementation
+specific structure that is maintained by the system itself. For this reason
+access to the permission store is additionally restricted superimposing the
+regular permissions being enforced for regular repository items.
+
+In detail this means that the permission store cannot be written by JCR nor Oak
+API method calls. It's immutability is enforced by a dedicated `FailingValidator`
+that prevents any modifications underneath `/jcr:system/rep:permissionStore`.
+Similarly read access is not allowed except for system principals. In order to
+discover and display access control related information API consumers should
+use the regular JCR and Jackrabbit permission and access control management API
+as listed above and in section [Using the Access Control Management API](accesscontrol/editing.html).
+
+
 ##### Node Type Definitions
 
 For the permission store the following built-in node types have been defined:
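
Review bot: The new "Accessing the Permission Store" section needs three wording fixes: "a implementation specific structure" should be "an implementation-specific structure", "It's immutability" should be "Its immutability", and "cannot be written by JCR nor Oak API method calls" should be "by JCR or Oak API method calls". The write restriction names its mechanism (`FailingValidator`), but the read restriction ("not allowed except for system principals") does not; naming what enforces it would keep the two statements symmetric. "as listed above" is ambiguous on a page this long, so point to the specific section, and the second added blank line before `##### Node Type Definitions` can be dropped.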