Return-Path: X-Original-To: apmail-jackrabbit-oak-dev-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 961D210FFF for ; Thu, 26 Sep 2013 13:00:50 +0000 (UTC) Received: (qmail 84145 invoked by uid 500); 26 Sep 2013 13:00:46 -0000 Delivered-To: apmail-jackrabbit-oak-dev-archive@jackrabbit.apache.org Received: (qmail 83987 invoked by uid 500); 26 Sep 2013 13:00:42 -0000 Mailing-List: contact oak-dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-dev@jackrabbit.apache.org Received: (qmail 83206 invoked by uid 99); 26 Sep 2013 13:00:41 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 26 Sep 2013 13:00:41 +0000 X-ASF-Spam-Status: No, hits=-1.3 required=5.0 tests=FRT_ADOBE2,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of anchela@adobe.com designates 64.18.1.187 as permitted sender) Received: from [64.18.1.187] (HELO exprod6og104.obsmtp.com) (64.18.1.187) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 26 Sep 2013 13:00:33 +0000 Received: from outbound-smtp-1.corp.adobe.com ([192.150.11.134]) by exprod6ob104.postini.com ([64.18.5.12]) with SMTP ID DSNKUkQv2jhOuSVGNmcVKRQ8LujjVI7opbBU@postini.com; Thu, 26 Sep 2013 06:00:12 PDT Received: from inner-relay-1.corp.adobe.com ([153.32.1.51]) by outbound-smtp-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r8QCuWiH009176 for ; Thu, 26 Sep 2013 05:56:32 -0700 (PDT) Received: from nacas01.corp.adobe.com (nacas01.corp.adobe.com [10.8.189.99]) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r8QD086A014826 for ; Thu, 26 Sep 2013 06:00:09 -0700 (PDT) Received: from eurcas01.eur.adobe.com (10.128.4.27) by nacas01.corp.adobe.com (10.8.189.99) with Microsoft SMTP Server (TLS) id 8.3.327.1; Thu, 26 Sep 2013 06:00:08 -0700 Received: from eurmbx01.eur.adobe.com ([10.128.4.32]) by eurcas01.eur.adobe.com ([10.128.4.27]) with mapi; Thu, 26 Sep 2013 14:00:04 +0100 From: Angela Schreiber To: "oak-dev@jackrabbit.apache.org" Date: Thu, 26 Sep 2013 13:59:59 +0100 Subject: Re: Workspace#copy with referenceable nodes Thread-Topic: Workspace#copy with referenceable nodes Thread-Index: Ac66uFEU8HjmYApwRRiPHrOckSLj8w== Message-ID: In-Reply-To: <9C0FC4C8E9C29945B01766FC7F9D389818A74DA9BA@eurmbx01.eur.adobe.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.2.130206 acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org hi marcel ok, that's another way of looking at it. i somehow expected the copy to be performed on the complete tree defined by the specified source. but you are right, if the permissions were be inherited from an ancestor node, the result of the copy might expose information that was not accessible before. as it can also happen, that they are no longer accessible at the destination although the source was accessible (think of some wild card restrictions). however, if the access rights were part of the copied tree a full copy would IMO result in the same access rights. in addition i wonder what happens if the original source tree contains intermediate nodes that were not accessible but the subtrees were again... wouldn't that qualify as well as being part of the subtree of the source that needs to be copied? we would not get these copied with the current approach. kind regards angela On 9/26/13 11:43 AM, "Marcel Reutegger" wrote: >Hi, > >> 1) Root#copy >> 2) Traverse the tree and set new jcr:uuid properties >> 3) Update references >>=20 >> IMO this fix is not correct and will not work because it's not built >> on the nodestate level. The latest root used for the copy will >> only see those items accessible to the editing session (i.e. permission >> constraints are enforced). > >but you wouldn't want to copy items you don't have access to, right? >the current oak implementation simply copies what is accessible by >the editing session. anything else seemed wrong to me and will >leak information not accessible to the editing session. > >> similarly the editing session is not guaranteed to see all (weak) >> reference properties in the copied subtree and again the contract >> defined by the specification cannot be met. > >my interpretation of the contract was from the editing session POV. >if the editing session does not see a weak reference, then it is simply >not copied and becomes a non-issue. on the other hand if the >editing session does not have access to referenced node, then there >is no reason to update the weak reference. because per specification >the referenced node is not within the scope of the copied subtree >and the reference is dangling as it was before. > >the situation with regular references is a bit different and I think there >we actually need to do something more. a node of a copied sub-tree >may reference a node not accessible to the editing session. right now >it simply copies the dangling reference, but I think it would be better >to fail the operation in this case. > >> what is needed IMO is a low-level copy within the Root#copy call >> which can get access to all jcr:uuid properties and all (weak) >>references >> present in the copied tree. > >I don't think this will work. either only the items accessible to the >editing session is copied or the operation will leak information the >editing session is not allowed to see. > >regards > marcel >