jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weston Bustraan (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2488) Add the ability to disable inheriting ancestor ACLs
Date Mon, 08 Feb 2010 18:51:31 GMT
Add the ability to disable inheriting ancestor ACLs

                 Key: JCR-2488
                 URL: https://issues.apache.org/jira/browse/JCR-2488
             Project: Jackrabbit Content Repository
          Issue Type: Improvement
          Components: security
    Affects Versions: 2.0.0
            Reporter: Weston Bustraan
            Priority: Minor

The current ACL implementation will walk the tree from the item being accessed, up to the
root, collecting ACL entries for all the ancestors. With this system, there is no easy way
to restrict access to subnodes except by adding DENY entries to negate the entries inherited
from the parent nodes.

I'd like to request a way to turn this behavior off either at a node level or global level.

The place where recursion is happening is in org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$Entries.collectEntries(NodeImpl
node). Inside this method, it could perhaps check a global parameter or the existence of property
of the ACL policy node to determine whether to recurse up the tree.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message