I tried to "extend" the CMS api with my own commands, but it turns out that the
authorization interceptor does only work with the built in commands. The class names etc.
are hardcoded there and in ACLEnforcer.
Why even bother with the commands if users can't write their own? Or couldn't
there be some interface that is used in the ACL-classes so that the specific class names
wouldn't need to be known (like getPath() for getting the path instead of casting the
commands to the concrete classes).
And another thing.
The GetFolderListCommand needs the READ permission but the contents (ie. the actual folder
list for the parent folder passed as parameter) need the WRITE/MANAGE permission for the
child nodes. Apparently this is also hardcoded in the acl-classes because the list command
is used in the cms admin tool which of course only shows nodes that the user has WRITE
permission to...
Is there a way to get the list so that the READ permission would be sufficient to get a
folder and a list of its child folders?
And one more. Is there a plan to upgrade the jackrabbit version to a more current one?
There are some nice features in the newer versions (hit highlighting for example).
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4100810#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...