You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by "Cech. Ulrich" <Ul...@aeb.de> on 2010/11/03 16:50:25 UTC

Calculating the privileges of a node

Hi everybody,

I have some problems with the definition of privileges on a specified node. Specially, in the class PrivilegeRegistry.calculatePermissions() the privilege for adding or removing nodes depends on the privilege of the parent.
I don't understand this behavior, because this results that the user who should have the privilege for adding nodes need this privilege up to the root. But this is not as expected, some users should only be allowed to add nodes in some deeper hierarchy.

It would be nice if someone could help me on this topic (is this a bug or is this "by design")?

Thanks very much in advance,
Ulrich

AW: Calculating the privileges of a node

Posted by "Seidel. Robert" <Ro...@aeb.de>.
Hi,

The method calculates permissions out of privileges, which are nearly the same but not exactly - so it is ok how the method behaves.

Example:

You have defined the privilege ADD_CHILD_NODES for a node like "/level1/level2".
But session.checkPermission("/level1/level2",Session.ACTION_ADD_NODE) returns false.

It is because the ADD_NODE permission is calculated for the node which should be added and not to the parent node. So you have to ask a potential child path, if it can be added.

So session.checkPermission("/level1/level2/level3",Session.ACTION_ADD_NODE) should return true.

Bye, Rob ;)

-----Ursprüngliche Nachricht-----
Von: Cech. Ulrich [mailto:Ulrich.Cech@aeb.de] 
Gesendet: Mittwoch, 3. November 2010 16:50
An: users@jackrabbit.apache.org
Betreff: Calculating the privileges of a node

Hi everybody,

I have some problems with the definition of privileges on a specified node. Specially, in the class PrivilegeRegistry.calculatePermissions() the privilege for adding or removing nodes depends on the privilege of the parent.
I don't understand this behavior, because this results that the user who should have the privilege for adding nodes need this privilege up to the root. But this is not as expected, some users should only be allowed to add nodes in some deeper hierarchy.

It would be nice if someone could help me on this topic (is this a bug or is this "by design")?

Thanks very much in advance,
Ulrich