You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2013/04/04 10:04:03 UTC

svn commit: r1464342 - /sling/trunk/bundles/api/src/main/java/org/apache/sling/api/security/ResourceAccessSecurity.java

Author: bdelacretaz
Date: Thu Apr  4 08:04:03 2013
New Revision: 1464342

URL: http://svn.apache.org/r1464342
Log:
tweak/complete javadocs

Modified:
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/security/ResourceAccessSecurity.java

Modified: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/security/ResourceAccessSecurity.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/security/ResourceAccessSecurity.java?rev=1464342&r1=1464341&r2=1464342&view=diff
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/security/ResourceAccessSecurity.java (original)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/security/ResourceAccessSecurity.java Thu Apr  4 08:04:03 2013
@@ -23,43 +23,59 @@ import org.apache.sling.api.resource.Res
 
 /**
  * The <code>ResourceAccessSecurity</code> defines a service API which might be
- * used in implementations of resource providers where the underlaying
- * persistence layer does not have any ACLs. The service should it make easy to
- * implement a lightweight access control in such sort of providers.
+ * used in implementations of resource providers where the underlying
+ * persistence layer does not implement access control. The goal is to make it 
+ * easy to implement a lightweight access control in such providers.
  * 
- * - Expected to only be implemented once in the framework/application (much
- * like the OSGi LogService or Configuration Admin Service) - ResourceProvider
+ * Expected to only be implemented once in the framework/application (much
+ * like the OSGi LogService or ConfigurationAdmin Service) - ResourceProvider
  * implementations are encouraged to use this service for access control unless
- * the underlying storage already has it.
+ * the underlying storage already provides it.
  * 
+ * JCR resource providers should *not* use this - in a JCR context, security is
+ * fully delegated to the underlying repository, and mixing security models would
+ * be a bad idea.
  */
 
 public interface ResourceAccessSecurity {
 
+    /** If supplied Resource can be read, return it (or a wrapped
+     *  variant of it). The returned Resource should then be used
+     *  instead of the one that was passed into the method.
+     *  @return null if {@link Resource} cannot be read
+     */
     public Resource getReadableResource(Resource resource);
 
+    /** @return true if a {@link Resource} can be created at the supplied 
+     *  absolute path. */
     public boolean canCreate(String absPathName, ResourceResolver resourceResolver);
 
+    /** @return true if supplied {@link Resource} can be updated */ 
     public boolean canUpdate(Resource resource);
 
+    /** @return true if supplied {@link Resource} can be deleted */ 
     public boolean canDelete(Resource resource);
 
+    /** @return true if supplied {@link Resource} can be executed as a script */ 
     public boolean canExecute(Resource resource);
 
+    /** @return true if the "valueName" value of supplied {@link Resource} can be read */ 
     public boolean canReadValue(Resource resource, String valueName);
 
+    /** @return true if the "valueName" value of supplied {@link Resource} can be set */ 
     public boolean canSetValue(Resource resource, String valueName);
 
+    /** @return true if the "valueName" value of supplied {@link Resource} can be deleted */ 
     public boolean canDeleteValue(Resource resource, String valueName);
 
     /**
-     * Allows to transform the query based on the current
+     * Optionally transform a query based on the current
      * user's credentials. Can be used to narrow down queries to omit results
-     * that the current user is not allowed to see anyway, speeding up
+     * that the current user is not allowed to see anyway, to speed up
      * downstream access control.
      * 
      * Query transformations are not critical with respect to access control as results
-     * are checked using the canRead.. methods anyway. 
+     * are filtered downstream using the canRead.. methods. 
      * 
      * @param query the query
      * @param language the language in which the query is expressed
@@ -70,4 +86,4 @@ public interface ResourceAccessSecurity 
     public String transformQuery(String query, String language, ResourceResolver resourceResolver)
             throws AccessSecurityException;
 
-}
+}
\ No newline at end of file