In geometrix site if I need to get the results for page which has only user X has access
Following query pulls all the records but I need to restrict to user X who can access contents at /content/geometrixx
What are the parameters that need to be included in the url
Solved! Go to Solution.
Views
Replies
Total Likes
When you use the QUeryBuilder Java API from within an OSGi bundle - you have much finer control than the Rest API. For example -- you can control when the call is made and under what circumstances by developing correct application logic. You can see who the user is and if its not the user that you want - then do not let the call proceed. In other words - write application logic to control this.
Information about the Query Builder Restful API is here:
http://dev.day.com/docs/en/cq/current/dam/customizing_and_extendingcq5dam/query_builder.html
There are different examples -- including using Groups.
Views
Replies
Total Likes
When you use the QUeryBuilder Java API from within an OSGi bundle - you have much finer control than the Rest API. For example -- you can control when the call is made and under what circumstances by developing correct application logic. You can see who the user is and if its not the user that you want - then do not let the call proceed. In other words - write application logic to control this.
Information about the Query Builder Restful API is here:
http://dev.day.com/docs/en/cq/current/dam/customizing_and_extendingcq5dam/query_builder.html
There are different examples -- including using Groups.
Views
Replies
Total Likes
By default the query builder servlet uses the session, which has been created with the permissions of the logged in user. So if you want to get results only a user X can see, you should send proper authentication for the user X for this request to the querybuilder, and that's it.
If you don't want to do this, you need to write your own servlet (or a wrapper around the querybuilder servlet), which accepts the username as a parameter, opens a session for this user and then does the query in the scope of this session.
Jörg
Views
Replies
Total Likes
Agree with scott. If you have dispatcher use mod_security example at http://helpx.adobe.com/experience-manager/kb/restrict-system-administrator-login-specific.html
Additionally you can use filter an sample example of different use case at http://aemfaq.blogspot.com/2013/05/blocking-anonymous-access-to-crx-in-non.html
Views
Replies
Total Likes