Previous
2.10 2.1 to 2.2 compatibility
2.10.1 Acess control (ACL) changes
2.10.1.1 Read access details added, read-live permission removed
IMPORTANT CHANGE! Anyone making use of access control should read this.
The ACL model has been extended to allow to define detailed permissions when granting the read permission. We call this read access details.
As part of this change, the 'read live' permission has been removed, and has been replaced by a read access detail. Instead of granting the 'read live' permission, now you grant the read permission, and in the read access details, you specify that non-live versions cannot be read.
The database upgrade script will adjust the ACL configuration in the database to the new format, but due to the nature of the ACL structure, this upgrade can't be done perfectly (in all cases). Therefore if you rely on the read-live permission, after upgrading you should check that the ACL still behaves as intended.
As an example, a situation like this cannot be automatically upgraded correctly:
Read-live Read grant grant don't change deny
2.10.1.2 ACL API changes
As a consequence of these changes, the enumeration value AclPermission.READ_LIVE has been removed, programs making use of this will need to be updated.
To check if a user has read access to a document, before you would have done:
aclResultInfo.isAllowed(AclPermission.READ); or aclResultInfo.getActionType(AclPermission.READ) == AclActionType.GRANT
Now, this doesn't guarantee anymore that the user has full read access (i.e. to non-live versions, to all fields and parts, ...). If you want to verify the user has full read access, you can use this convenience method:
aclResultInfo.isFullyAllowed(AclPermission.READ);
2.10.1.3 ACL XML format changes
The XML representation of the ACL has also changed a bit. Permissions as part of an d:aclEntry are now specified in the same way as in d:aclResultInfo, with an extensible set of elements rather than attributes. This makes it possible to add the accessDetails as a child element. Besides, it also adds more consistency and makes it easier to add new types of permissions.