You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Pierre Smits (JIRA)" <ji...@apache.org> on 2012/04/24 17:39:36 UTC
[jira] [Created] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Pierre Smits created OFBIZ-4841:
-----------------------------------
Summary: Have a workspace for each application/component in a repository
Key: OFBIZ-4841
URL: https://issues.apache.org/jira/browse/OFBIZ-4841
Project: OFBiz
Issue Type: Sub-task
Components: framework
Affects Versions: SVN trunk
Reporter: Pierre Smits
Priority: Critical
In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261347#comment-13261347 ]
Sascha Rodekamp commented on OFBIZ-4841:
----------------------------------------
Separating the concerns in the repository by using different workspaces is, IMHO, a good approach. That could make maintenance of the repository and right management easier.
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Posted by "Pierre Smits (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261396#comment-13261396 ]
Pierre Smits commented on OFBIZ-4841:
-------------------------------------
Fore sure, various scenarios are possible. Some more effective, some less. We must evaluate all options in the jackrabbit branch before having anything implemented in trunk.
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Posted by "Adrian Crum (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260682#comment-13260682 ]
Adrian Crum commented on OFBIZ-4841:
------------------------------------
I would be interested to see a use case for this issue. In my experience, access to content is based on user credentials, not on a particular application.
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Posted by "Scott Gray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261390#comment-13261390 ]
Scott Gray commented on OFBIZ-4841:
-----------------------------------
Please don't take a hasty approach on this, I haven't looked at jackrabbit in a long time now but at first glance this sounds concerning.
For example this heavily referenced wiki page states: http://wiki.apache.org/jackrabbit/DavidsModel#Rule_.233:_Workspaces_are_for_clone.28.29.2C_merge.28.29_and_update.28.29.
{quote}
Workspaces should not be used for access control. Visibility of content for a particular group of users is not a good argument to separate things into different workspaces. JCR features "Access Control" in the content repository to provide for that.
{quote}
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Posted by "Scott Gray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261395#comment-13261395 ]
Scott Gray commented on OFBIZ-4841:
-----------------------------------
Also to use your example Pierre, if a CRM user needed to access a certain invoice/agreement then the content access control should allow it based on the same permission checks use to allow access to view the invoice from the OFBiz database. So if you can view the invoice then you should be able to view it's representations in the content repo as well.
All of these things can be achieved by defining permission rules against nodes which would them be inherited by descendent nodes.
e.g. to read the "/invoices/*" node we might define a permission check that requires the user to either have the ACCOUNTING_VIEW, or otherwise be a party to the invoice (perhaps a representative of the from/to party). All child nodes of invoice would then inherit this check, such as "/invoices/1000123/pdf".
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OFBIZ-4841) Have a workspace for each
application/component in a repository
Posted by "Pierre Smits (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260803#comment-13260803 ]
Pierre Smits commented on OFBIZ-4841:
-------------------------------------
I guess you could compare it to data in an OFBiz repository.
In my experience access to the OFBiz data is not only based on the user credentials sec, but also on the mapping between the user and the CRUD functions defined in the application. The same is with workspaces, if I understand it correctly. They provide viewpoints to the content stored so that you can maintain multiple reference points to the JCR content.
E.g. a user can have rights to FICO to store invoices and agreements. But another user, with only access to, let's say CRM, would need access to FICO to view the invoice and/or agreement. By defining a new reference point to the content through the CRM workspace he/she could also have access to that object. Workspaces can then be used for cloning, merging and updating.
> Have a workspace for each application/component in a repository
> ---------------------------------------------------------------
>
> Key: OFBIZ-4841
> URL: https://issues.apache.org/jira/browse/OFBIZ-4841
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
>
> In order to separate access to jcr content each application should have its own workspace in the repository.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira