You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by Julian Reschke <ju...@gmx.de> on 2007/02/19 17:09:58 UTC

SPI: repositoryService.isGranted()

Hi,

I was recently refactoring my permission check support and came across 
the following issue:

     public boolean isGranted(SessionInfo sessionInfo, ItemId itemId, 
String[] actions) throws RepositoryException;

The problem here is that in some cases (such as in add_node and 
set_property), the ItemId may refer to an item that doesn't exist (yet), 
so it's impossible for the transient layer to decide whether to produce 
a NodeId or an ItemId.

Now in some case (such as when actions is {"add_node"}), the transient 
layer could make an assumption about the type of the id based on the 
action to be checked. However, this will get ugly when several actions 
are checked in a single method call.

Thus, wouldn't it make sense to change the method signature to

     public boolean isGranted(SessionInfo sessionInfo, Path absPath, 
String[] actions) throws RepositoryException;

instead?

Best regards, Julian

Re: SPI: repositoryService.isGranted()

Posted by Marcel Reutegger <ma...@gmx.net>.

Hi Julian,

I agree, the method should be changed to take an absolute path. or was there a 
reason why we used ItemId there?

regards
  marcel

Julian Reschke wrote:
> Hi,
> 
> I was recently refactoring my permission check support and came across 
> the following issue:
> 
>     public boolean isGranted(SessionInfo sessionInfo, ItemId itemId, 
> String[] actions) throws RepositoryException;
> 
> The problem here is that in some cases (such as in add_node and 
> set_property), the ItemId may refer to an item that doesn't exist (yet), 
> so it's impossible for the transient layer to decide whether to produce 
> a NodeId or an ItemId.
> 
> Now in some case (such as when actions is {"add_node"}), the transient 
> layer could make an assumption about the type of the id based on the 
> action to be checked. However, this will get ugly when several actions 
> are checked in a single method call.
> 
> Thus, wouldn't it make sense to change the method signature to
> 
>     public boolean isGranted(SessionInfo sessionInfo, Path absPath, 
> String[] actions) throws RepositoryException;
> 
> instead?