You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by "Seidel. Robert" <Ro...@aeb.de> on 2011/01/05 10:24:54 UTC
More than one policy per node?
Hi,
In which cases do I have more than one policy per node?
To define a privilege for a user and a node, I have to loop about two collections (applicablePolicies & getPolicies), which together contains normally only one object and add the privilege there. I browsed a little bit over the code of DefaultAccessManager and found only one applicable policy or none, if there is already one set. How can there be more than one policy?
And if there is only one applicable or defined - is there an easier way to access it, instead of looping over the two lists?
It's a little bit over modeled in my opinion.
Regards, Robert
AW: More than one policy per node?
Posted by "Seidel. Robert" <Ro...@aeb.de>.
Hi
> i don't find it too difficult to think of
some other approach that would make heavy use of multiple policies
per node.
Indeed, I can think of such scenarios too, but every other jackrabbit user have to implement a helper method like the one below to get the one policy that counts - this method could be standard at the AccessControlManager without taking the possibility to use multiple policies per node:
AccessControlList getList(AccessControlManager acMgr,
String path) throws AccessDeniedException, RepositoryException {
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it
.hasNext();) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
if (acp instanceof AccessControlList) {
return (AccessControlList) acp;
}
}
AccessControlPolicy[] acps = acMgr.getPolicies(path);
for (int i = 0; i < acps.length; i++) {
if (acps[i] instanceof AccessControlList) {
return (AccessControlList) acps[i];
}
}
throw new RepositoryException("No AccessControlList at " + path);
}
Regards, Robert
-----Ursprüngliche Nachricht-----
Von: Angela Schreiber [mailto:anchela@adobe.com]
Gesendet: Mittwoch, 5. Januar 2011 10:49
An: users@jackrabbit.apache.org
Betreff: Re: More than one policy per node?
hi
> In which cases do I have more than one policy per node?
with the *current* implementation in jr there is only one policy
per node. but e.g. JCR-2331 would most probably be implemented
by having an additional non-editable policy. similarly having
a specific implementation for READ-access restriction could be
thought of as additional policy that only takes effect under
certain circumstances. and last but not least another jcr
implementation could be built on a different ac model that doesn't
use accesscontrollists. i don't find it too difficult to think of
some other approach that would make heavy use of multiple policies
per node.
regards
angela
Re: More than one policy per node?
Posted by Angela Schreiber <an...@adobe.com>.
hi
> In which cases do I have more than one policy per node?
with the *current* implementation in jr there is only one policy
per node. but e.g. JCR-2331 would most probably be implemented
by having an additional non-editable policy. similarly having
a specific implementation for READ-access restriction could be
thought of as additional policy that only takes effect under
certain circumstances. and last but not least another jcr
implementation could be built on a different ac model that doesn't
use accesscontrollists. i don't find it too difficult to think of
some other approach that would make heavy use of multiple policies
per node.
regards
angela