jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: svn commit: r1465664 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeState.java
Date Wed, 10 Apr 2013 09:43:17 GMT

On Wed, Apr 10, 2013 at 12:30 PM, Angela Schreiber <anchela@adobe.com> wrote:
> my point is that permission evaluation should only occur if the
> corresponding tree or property is really being read.

Pre-evaluating the permissions for a node with no children should be
fine from that perspective, as it's highly likely that the client is
going to read that node instead of trying to traverse the tree

> as i stated before this currently doesn't work with the way the
> readstatus is being calculated... it would need to check
> for 'read + read-access-control' in order to be really sure that
> ALL items including access control content can be read.

Note that by definition a node with no children can have no access
control content below it. Thus the READ_ALL (or just
READ_THIS_PROPERTIES) check should be everything that's needed to
guarantee full access to that node.


Jukka Zitting

View raw message