You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@chemistry.apache.org by Florian Müller <fm...@apache.org> on 2012/03/21 09:20:54 UTC
Setting an ACL
Hi,
CMIS defines the applyAcl service to change the ACL of an object.
Unfortunately, there are subtle differences between the two bindings
that can cause confusion.
Therefore, I propose we add a setAcl() method to OpenCMIS. This method
removes all direct permissions for all principals that are stated in the
ACL of an object and at the same time adds the ACL provided by the
application. That would effectively exchange all direct permissions.
Obviously, propagation would not work with method but the semantics for
single objects would be clear regardless of the binding.
WDYT?
Cheers,
Florian
RE: Setting an ACL
Posted by Jens Hübel <jh...@opentext.com>.
Thanks Florian for the hint to class BasicPermissions. I would have expected this as an enum and therefore only looked in the ...enum package. Probably this does the job. An enum would have the advantage of a defined ordering which can be useful when checking rights (like "has at least read permission"). But this probably can be handled in the user code as well. I will check and adapt my sources.
For 1) I have created https://issues.apache.org/jira/browse/CMIS-517
Jens
-----Original Message-----
From: Florian Müller [mailto:fmui@apache.org]
Sent: Freitag, 23. März 2012 09:32
To: dev@chemistry.apache.org
Subject: RE: Setting an ACL
Hi Jens,
re 1) Yes, we can. Please open an improvement issue that we don't forget it.
re 2) There is org.apache.chemistry.opencmis.commons.BasicPermissions.
Is this want you are looking for?
Cheers,
Florian
> No objections from my side. But if we touch this code I would like to
> propose two more minor changes:
>
> 1) Because of the subtle differences between the bindings class
> org.apache.chemistry.opencmis.commons.server.CmisService gets an extra
> method applyAcl(). This however is not reflected in the LocalBinding.
> I missed this in the unit tests where you want to test the behavior of
> both bindings. Could we add this in the local binding?
>
> 2) Another piece I missed is an enum for the basic permissions. As a
> replacement I used
> org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions.
> This is exactly what I need, but directly accessing the JAXB classes
> is contradicting our design ideas. Is there any reason not to add this
> or just an oversight?
>
> Jens
>
>
>
> -----Original Message-----
> From: Florian Müller [mailto:fmui@apache.org]
> Sent: Mittwoch, 21. März 2012 09:21
> To: dev@chemistry.apache.org
> Subject: Setting an ACL
>
> Hi,
>
> CMIS defines the applyAcl service to change the ACL of an object.
> Unfortunately, there are subtle differences between the two bindings
> that can cause confusion.
>
> Therefore, I propose we add a setAcl() method to OpenCMIS. This
> method removes all direct permissions for all principals that are
> stated in the ACL of an object and at the same time adds the ACL
> provided by the application. That would effectively exchange all
> direct permissions.
> Obviously, propagation would not work with method but the semantics
> for single objects would be clear regardless of the binding.
>
> WDYT?
>
>
> Cheers,
>
> Florian
RE: Setting an ACL
Posted by Florian Müller <fm...@apache.org>.
Hi Jens,
re 1) Yes, we can. Please open an improvement issue that we don't
forget it.
re 2) There is org.apache.chemistry.opencmis.commons.BasicPermissions.
Is this want you are looking for?
Cheers,
Florian
> No objections from my side. But if we touch this code I would like to
> propose two more minor changes:
>
> 1) Because of the subtle differences between the bindings class
> org.apache.chemistry.opencmis.commons.server.CmisService gets an
> extra
> method applyAcl(). This however is not reflected in the LocalBinding.
> I missed this in the unit tests where you want to test the behavior
> of
> both bindings. Could we add this in the local binding?
>
> 2) Another piece I missed is an enum for the basic permissions. As a
> replacement I used
> org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions.
> This is exactly what I need, but directly accessing the JAXB classes
> is contradicting our design ideas. Is there any reason not to add
> this
> or just an oversight?
>
> Jens
>
>
>
> -----Original Message-----
> From: Florian Müller [mailto:fmui@apache.org]
> Sent: Mittwoch, 21. März 2012 09:21
> To: dev@chemistry.apache.org
> Subject: Setting an ACL
>
> Hi,
>
> CMIS defines the applyAcl service to change the ACL of an object.
> Unfortunately, there are subtle differences between the two bindings
> that can cause confusion.
>
> Therefore, I propose we add a setAcl() method to OpenCMIS. This
> method removes all direct permissions for all principals that are
> stated in the ACL of an object and at the same time adds the ACL
> provided by the application. That would effectively exchange all
> direct permissions.
> Obviously, propagation would not work with method but the semantics
> for single objects would be clear regardless of the binding.
>
> WDYT?
>
>
> Cheers,
>
> Florian
RE: Setting an ACL
Posted by Jens Hübel <jh...@opentext.com>.
No objections from my side. But if we touch this code I would like to propose two more minor changes:
1) Because of the subtle differences between the bindings class org.apache.chemistry.opencmis.commons.server.CmisService gets an extra method applyAcl(). This however is not reflected in the LocalBinding. I missed this in the unit tests where you want to test the behavior of both bindings. Could we add this in the local binding?
2) Another piece I missed is an enum for the basic permissions. As a replacement I used org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions. This is exactly what I need, but directly accessing the JAXB classes is contradicting our design ideas. Is there any reason not to add this or just an oversight?
Jens
-----Original Message-----
From: Florian Müller [mailto:fmui@apache.org]
Sent: Mittwoch, 21. März 2012 09:21
To: dev@chemistry.apache.org
Subject: Setting an ACL
Hi,
CMIS defines the applyAcl service to change the ACL of an object.
Unfortunately, there are subtle differences between the two bindings that can cause confusion.
Therefore, I propose we add a setAcl() method to OpenCMIS. This method removes all direct permissions for all principals that are stated in the ACL of an object and at the same time adds the ACL provided by the application. That would effectively exchange all direct permissions.
Obviously, propagation would not work with method but the semantics for single objects would be clear regardless of the binding.
WDYT?
Cheers,
Florian
Re: Setting an ACL
Posted by Florent Guillaume <fg...@nuxeo.com>.
Hi,
I don't see a problem with that.
Florent
On Wed, Mar 21, 2012 at 9:20 AM, Florian Müller <fm...@apache.org> wrote:
> Hi,
>
> CMIS defines the applyAcl service to change the ACL of an object.
> Unfortunately, there are subtle differences between the two bindings that
> can cause confusion.
>
> Therefore, I propose we add a setAcl() method to OpenCMIS. This method
> removes all direct permissions for all principals that are stated in the ACL
> of an object and at the same time adds the ACL provided by the application.
> That would effectively exchange all direct permissions. Obviously,
> propagation would not work with method but the semantics for single objects
> would be clear regardless of the binding.
>
> WDYT?
>
>
> Cheers,
>
> Florian
>
--
Florent Guillaume, Director of R&D, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)
http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87