Details
-
Enhancement
-
Resolution: Done
-
Critical
-
None
-
None
Description
Main goal for writing an org.modeshape.jcr.security.AuthorizationProvider is to control security access of JCR operation via hasPermission() method.
Current API:
public boolean hasPermission(ExecutionContext context, String repositoryName, String repositorySourceName,
String workspaceName, Path path, String... actions)
has a Path object, but sometimes path can be relative without any access to its absolute path, for example using addNode(<relative_path>).
This creates a limitation and it's not possible to design an ACL service for modeshape using this API, due we need to know the absolute path and context of the node that a user is trying to create to check if user hasPermission to create it under a specific path.
Also, this issue comes due we don't have an ACL service, so a user needs to create a custom AuthorizationProvider to implement these features on ModeShape.
