You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@chemistry.apache.org by Jochen Kraushaar <jo...@doubleSlash.de> on 2014/12/18 09:32:59 UTC

Allowable actions and ACLs

Hi there,

we enhanced the OpenCMIS JCR bridge by adding support for ACLs. We 
implemented the getAcl and applyAcl methods and set ACL capabilities in 
the repository info.

How do ACLs influence the allowable actions of an object? Do I have to 
calculate the allowable actions on my own or does OpenCMIS combine the 
"base" allowable actions of an object with the permission mapping 
specified in the repository info?

Regards
Jochen

Re: Allowable actions and ACLs

Posted by Florian Müller <fm...@apache.org>.

Hi Jochen,

OpenCMIS does not calculate the Allowable Actions for you. The server 
implementation has to do that.
Depending on the repository, the Allowable Actions can include something 
that is not expressible with ACLs. For example, even if a user can see a 
folder, that doesn't mean that the user is allowed to call 
getChildren(). That can vary from folder to folder in a repository 
because of another rule, a police, or configuration.
There are also some edge cases. The root folder, for example, cannot be 
moved or deleted even if the user has the cmis:all permission.


- Florian


> Hi there,
> 
> we enhanced the OpenCMIS JCR bridge by adding support for ACLs. We
> implemented the getAcl and applyAcl methods and set ACL capabilities
> in the repository info.
> 
> How do ACLs influence the allowable actions of an object? Do I have to
> calculate the allowable actions on my own or does OpenCMIS combine the
> "base" allowable actions of an object with the permission mapping
> specified in the repository info?
> 
> Regards
> Jochen