jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: svn commit: r1465664 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeState.java
Date Wed, 10 Apr 2013 10:04:33 GMT
hi jukka

sure... that's correct. but the original code didn't apply this
for leaf-only nodes. if you want to add this optimization, just
go ahead; READ_THIS_PROPERTIES was in this case sufficient.

regards
angela

On 4/10/13 11:43 AM, Jukka Zitting wrote:
> Hi,
>
> On Wed, Apr 10, 2013 at 12:30 PM, Angela Schreiber<anchela@adobe.com>  wrote:
>> my point is that permission evaluation should only occur if the
>> corresponding tree or property is really being read.
>
> Pre-evaluating the permissions for a node with no children should be
> fine from that perspective, as it's highly likely that the client is
> going to read that node instead of trying to traverse the tree
> further.
>
>> as i stated before this currently doesn't work with the way the
>> readstatus is being calculated... it would need to check
>> for 'read + read-access-control' in order to be really sure that
>> ALL items including access control content can be read.
>
> Note that by definition a node with no children can have no access
> control content below it. Thus the READ_ALL (or just
> READ_THIS_PROPERTIES) check should be everything that's needed to
> guarantee full access to that node.
>
> BR,
>
> Jukka Zitting

Mime
View raw message