I am able to get a list of nodes using my query but want to get a list of nodes using certain permissions for e.g. list of nodes having read only permissions
Is it possible to restrict the nodes using ACL permissions.
Any query example to accomplish this would be great.
Solved! Go to Solution.
Views
Replies
Total Likes
I guess, that's not possible via JCR Query; mostly because the access control system used by Jackrabbit (by default) and AEM relies on inheritance. So the permissions a user has on a certain node is not expressed as a node or properties, but is computed out of inherited ACEs and ACEs directly attached to the node, from both groups (recursivly) and the user itself.
So, you probably need to filter your query result via session.hasPermission().
kind regards,
Jörg
I guess, that's not possible via JCR Query; mostly because the access control system used by Jackrabbit (by default) and AEM relies on inheritance. So the permissions a user has on a certain node is not expressed as a node or properties, but is computed out of inherited ACEs and ACEs directly attached to the node, from both groups (recursivly) and the user itself.
So, you probably need to filter your query result via session.hasPermission().
kind regards,
Jörg
You can try this link
http://sling.apache.org/site/managing-users-and-groups-jackrabbitusermanager.html
As per the documentation from Yogesh, we should be able to get the info about a particular not as
http://www.wemblog.com/2012/03/how-to-do-user-management-using-post.html
Read Permission:
$ curl -u admin:admin -F:applyTo=myuser http://localhost:4502/<Path>.acl.json
OR
$ curl -u admin:admin -F:applyTo=myuser http://localhost:4502/<Path>.eacl.json
Somehow when I tried http://localhost:4502/content/geometrixx/en.acl.json I get 404 error
I am not sure whether we have to do some configuration in order to get acl info of the node.
If you get json info from the URL you can filter out for a particular permission.
Hi J'org,
This is a query I got from one of the forums. Can you confirm if this can be used:
select * from [rep:GrantACE] where ISDESCENDANTNODE([/PATHSPECIFIED/]) and [rep:privileges] ='jcr:read'
Thanks,
Techno
This gives you all the nodes, which have are a rep:GrantACE nodes which give read permissions. But you don't take the ACL inheritance into account.
What you can do: the results of a query are filtered through the permissions of the sessions (which reflects the permissions of the user, which logged in); when you have a user, for which you want to know the documents which she can read, either just iterate through all of them or perform a query; you don't need to filter by any ACL yourself, as the repository is doing that.
Remember: When you have a session, you can only access nodes the user has read permissions on. Be it via session.getNode() or via JCR query.
kind regards,
Jörg