An attempt to remove a node will trigger a call with the remove action on the subject node and call with the remove_child_nodes action on the parent node. Both must return true for the operation to proceed. If your PEP needs to enforce deletes in a cascading fashion, as when using access roles, then the "remove" action must include the permissions check of remove on descendant nodes. (See AbstractRoleBasedPEP for an example)

Roles-Aware PEPs

There is a convenience abstract class for those implementing policy enforcement points that need to be aware of access roles. If you subclass this AbstractRolesBasedPEP class, then your implementation can be reduced to a single method.

Page tree

Versions Compared

Old Version 2

New Version 3

Key

Roles-Aware PEPs

Page tree

Page History

Versions Compared

Old Version 2

New Version 3

Key

Roles-Aware PEPs