Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-1555

UserManager permissions manipulation services API

Details

    Description

      It would be nice if the jackrabbit.usermanager bundle exposed OSGI service(s) that maps exactly the functionalities of the REST services, so that one can use their features also in a programmatic way.

      This can be useful if an application has to manage users and groups without having an explicit request object (ex: from an EventListener), or in the case a user has to manipulate his account (in this case he doesn't have an administrative account, so his requests are not permitted to modify users). Also i think that, in certain situations, it could be just cleaner and simpler to write a servlet or script that directly invoke the methods, instead of find the way to invoke the REST services.

      I think a simple but exaustive way to achieve this can be the direct mapping of the REST services described in http://sling.apache.org/site/managing-users-and-groups-jackrabbitusermanager.html and http://sling.apache.org/site/managing-permissions-jackrabbitaccessmanager.html, only using well-known JCR classes.
      For example, obtaining the users list could be as simple as getting the UserManager OSGI service and invoking a method like "public NodeIterator listUsers()", changing a permission could be achieved by getting the AccessManager OSGI service and invoking a method like "public void modifyPermission(String node_path, String principalId, String privilege_name, String privilege_value, String order)", and so on...

      Perhaps the best way to standardize these services is a dedicated API that formalizes the underlying concepts (ex: User, Group, Privilege and NodeAccessControl... if you think it's the case, i could propose my own...), but i think the simple REST services mapping could already be a nice (and ready-to-go) feature for developers...

      Attachments

        Issue Links

          Activity

            enorman Eric Norman added a comment - - edited

            Split the original issue into two defects to handle the services api for usermanager and accessmanager separately

            enorman Eric Norman added a comment - - edited Split the original issue into two defects to handle the services api for usermanager and accessmanager separately
            enorman Eric Norman added a comment - - edited fixed in revision 1124537. Added services that mirror the REST usermanager operations. See: http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/ChangeUserPassword.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/CreateGroup.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/CreateUser.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/DeleteAuthorizables.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/DeleteGroup.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/DeleteUser.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/UpdateGroup.java http://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/UpdateUser.java

            People

              enorman Eric Norman
              fabris Fabrizio Scarcello
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: