jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: svn commit: r1465664 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeState.java
Date Wed, 10 Apr 2013 09:43:17 GMT
Hi,

On Wed, Apr 10, 2013 at 12:30 PM, Angela Schreiber <anchela@adobe.com> wrote:
> my point is that permission evaluation should only occur if the
> corresponding tree or property is really being read.

Pre-evaluating the permissions for a node with no children should be
fine from that perspective, as it's highly likely that the client is
going to read that node instead of trying to traverse the tree
further.

> as i stated before this currently doesn't work with the way the
> readstatus is being calculated... it would need to check
> for 'read + read-access-control' in order to be really sure that
> ALL items including access control content can be read.

Note that by definition a node with no children can have no access
control content below it. Thus the READ_ALL (or just
READ_THIS_PROPERTIES) check should be everything that's needed to
guarantee full access to that node.

BR,

Jukka Zitting

Mime
View raw message