Sling
  1. Sling
  2. SLING-2083

AccessManager permissions manipulation services API

    Details

      Description

      It would be nice if the jackrabbit.accessmanager bundle expose OSGI service(s) that maps exactly the functionalities of the REST services, so that one can use their features also in a programmatic way.

      This can be useful if an application has to manage permissions without having an explicit request object (ex: from an EventListener), or in the case a user has to manipulate his account (in this case he doesn't have an administrative account, so his requests are not permitted to modify users). Also i think that, in certain situations, it could be just cleaner and simpler to write a servlet or script that directly invoke the methods, instead of find the way to invoke the REST services.

        Issue Links

          Activity

          Carsten Ziegeler made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Gavin made changes -
          Workflow re-open possible,doc-test-required [ 12787867 ] no-reopen-closed,doc-test-required [ 12790733 ]
          Gavin made changes -
          Workflow no-reopen-closed,doc-test-required [ 12766290 ] re-open possible,doc-test-required [ 12787867 ]
          Gavin made changes -
          Workflow Copy of no-reopen-closed,doc-test-required [ 12764750 ] no-reopen-closed,doc-test-required [ 12766290 ]
          Gavin made changes -
          Workflow no-reopen-closed,doc-test-required [ 12613993 ] Copy of no-reopen-closed,doc-test-required [ 12764750 ]
          Eric Norman made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Fix Version/s JCR Jackrabbit Access Manager 2.1.2 [ 12315522 ]
          Resolution Fixed [ 1 ]
          Eric Norman made changes -
          Assignee Eric Norman [ edn ]
          Eric Norman made changes -
          Labels accessmanager api programmatically service usermanager accessmanager api programmatically service
          Affects Version/s JCR Jackrabbit User Manager 2.1.0 [ 12314773 ]
          Description It would be nice if the jackrabbit.accessmanager and jackrabbit.usermanager bundles expose OSGI service(s) that maps exactly the functionalities of the REST services, so that one can use their features also in a programmatic way.

          This can be useful if an application has to manage users and permissions without having an explicit request object (ex: from an EventListener), or in the case a user has to manipulate his account (in this case he doesn't have an administrative account, so his requests are not permitted to modify users). Also i think that, in certain situations, it could be just cleaner and simpler to write a servlet or script that directly invoke the methods, instead of find the way to invoke the REST services.

          I think a simple but exaustive way to achieve this can be the direct mapping of the REST services described in http://sling.apache.org/site/managing-users-and-groups-jackrabbitusermanager.html and http://sling.apache.org/site/managing-permissions-jackrabbitaccessmanager.html, only using well-known JCR classes.
          For example, obtaining the users list could be as simple as getting the UserManager OSGI service and invoking a method like "public NodeIterator listUsers()", changing a permission could be achieved by getting the AccessManager OSGI service and invoking a method like "public void modifyPermission(String node_path, String principalId, String privilege_name, String privilege_value, String order)", and so on...

          Perhaps the best way to standardize these services is a dedicated API that formalizes the underlying concepts (ex: User, Group, Privilege and NodeAccessControl... if you think it's the case, i could propose my own...), but i think the simple REST services mapping could already be a nice (and ready-to-go) feature for developers...

          It would be nice if the jackrabbit.accessmanager bundle expose OSGI service(s) that maps exactly the functionalities of the REST services, so that one can use their features also in a programmatic way.

          This can be useful if an application has to manage permissions without having an explicit request object (ex: from an EventListener), or in the case a user has to manipulate his account (in this case he doesn't have an administrative account, so his requests are not permitted to modify users). Also i think that, in certain situations, it could be just cleaner and simpler to write a servlet or script that directly invoke the methods, instead of find the way to invoke the REST services.
          Eric Norman made changes -
          Field Original Value New Value
          Link This issue is a clone of SLING-1555 [ SLING-1555 ]
          Eric Norman created issue -

            People

            • Assignee:
              Eric Norman
              Reporter:
              Eric Norman
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development