[Cosmo-dev] WebDAV ACL tasks separation and questions
Brian Moseley
bcm at osafoundation.org
Tue Dec 5 20:52:38 PST 2006
On 12/5/06, Vinubalaji Gopal <vinu at osafoundation.org> wrote:
> 1. Do we need to make Acl configurable like in Slide:
> (http://jakarta.apache.org/slide/index.html).
no, not at all. we should have a small, statically defined permission
set - read, write, freebusy.
> 2. bcm said that we still do some security checks after the Acegi voters
> are finished with the voting - mainly for a plug-able architecture. I
> don't see the place that is happening in the dav. Is it consistent
> throughout Cosmo and can you point me the place where it happens?
these two methods have complicated security requirements:
DavServlet.doReport
DavServlet.doDelTicket
here's an example of where we want to do instance filtering based on
the permissions of the viewer:
DavResouceBase.getTickets
More information about the cosmo-dev
mailing list