You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Omid Milani (JIRA)" <ji...@apache.org> on 2011/03/09 07:13:59 UTC
[jira] Created: (JCR-2911) Fine-grained access control for managing
node types
Fine-grained access control for managing node types
---------------------------------------------------
Key: JCR-2911
URL: https://issues.apache.org/jira/browse/JCR-2911
Project: Jackrabbit Content Repository
Issue Type: New Feature
Components: jackrabbit-core, nodetype
Affects Versions: 2.2.4, 2.3.0
Reporter: Omid Milani
Priority: Minor
Fix For: 2.3.0
Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (JCR-2911) Fine-grained access control for
managing node types
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004396#comment-13004396 ]
Felix Meschberger commented on JCR-2911:
----------------------------------------
Shouldn't node type definition authorization be defined by access control on the node type definition storage (/jcr:system/jcr:nodeTypes) ?
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (JCR-2911) Fine-grained access control for managing
node types
Posted by "Omid Milani (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Omid Milani updated JCR-2911:
-----------------------------
Status: Patch Available (was: Open)
Added a accessManagerForNodeTypes interface. When repository accessManager implements that interface too, nodeTypeManagerImpl will ask it for permission for register/unregister of node types.
Also noticed that nodeTypeManagerImpl.getNodeTypeRegistry is public, which seems wrong. Made it protected, and changed it's uses to sessionContext.getNodeTypeRegistry (which was available everywhere but in one unit test)
I've tested this only as part of my system and haven't added unit tests here.
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (JCR-2911) Fine-grained access control for
managing node types
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2911.
-------------------------
Resolution: Duplicate
duplicate of JCR-2774. patch rejected
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-2911) Fine-grained access control for
managing node types
Posted by "Jukka Zitting (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jukka Zitting updated JCR-2911:
-------------------------------
Fix Version/s: (was: 2.3)
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (JCR-2911) Fine-grained access control for managing
node types
Posted by "Omid Milani (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Omid Milani updated JCR-2911:
-----------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
Have added the patch.
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (JCR-2911) Fine-grained access control for managing
node types
Posted by "Omid Milani (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Omid Milani updated JCR-2911:
-----------------------------
Attachment: accessManager_nodeTypes.patch
description in earlier comment
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Reopened: (JCR-2911) Fine-grained access control for
managing node types
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela reopened JCR-2911:
-------------------------
why did you resolve this issue?
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (JCR-2911) Fine-grained access control for
managing node types
Posted by "Omid Milani (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004422#comment-13004422 ]
Omid Milani commented on JCR-2911:
----------------------------------
> Shouldn't node type definition authorization be defined by access control on the node type definition storage (/jcr:system/jcr:nodeTypes) ?
that was what I thought first, but accessManager is not called for them.
> duplicate of JCR-2774. patch rejected
should I post the patch for that issue or it's not going to be fixed?
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (JCR-2911) Fine-grained access control for
managing node types
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004424#comment-13004424 ]
angela commented on JCR-2911:
-----------------------------
> should I post the patch for that issue or it's not going to be fixed?
you don't need to post your patch with that other issue. we will come up with a solution there.
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (JCR-2911) Fine-grained access control for
managing node types
Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004486#comment-13004486 ]
Jukka Zitting commented on JCR-2911:
------------------------------------
I guess what Angela is saying here is that we already have some ideas on how to implement this in the context of the existing access control mechanism. Your proposed approach is a bit different and leaves the actual implementation undefined. Also, there are some stylistic issues like star imports and the use of type casts that make the patch a bit troublesome. And unit tests would be good...
If you're interested in working on this, I suggest you start by discussing in JCR-2774 and it's subtasks about what a good implementation would look like. Once there's a consensus on how this should be implemented we can move on to patches.
> Fine-grained access control for managing node types
> ---------------------------------------------------
>
> Key: JCR-2911
> URL: https://issues.apache.org/jira/browse/JCR-2911
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core, nodetype
> Affects Versions: 2.2.4, 2.3.0
> Reporter: Omid Milani
> Priority: Minor
> Labels: accessManager, nodetype, security
> Fix For: 2.3.0
>
> Attachments: accessManager_nodeTypes.patch
>
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> Extend AccessManager interface to include authorization for register/unregister of node types so it can be defined that a certain user can define and modify some node types but not the others.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira