jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-1147) SecureNodeBuilder/SecureNodeState: Consider using 'TreePermission#canReadProperties'
Date Tue, 05 Nov 2013 17:02:18 GMT

    [ https://issues.apache.org/jira/browse/OAK-1147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13814044#comment-13814044

angela commented on OAK-1147:

ok... but the counting method didn't test for the readability of the node. and nor does getProperty/hasProperty.
as far as the implementation is concerned: it's really simplistic and in fact only return
true for {{#canReadProperties}} if the entry also defines the read-access for the tree itself.

so far i don't have any strong feeling for either way as long as it is consistent across all
property access.

> SecureNodeBuilder/SecureNodeState: Consider using 'TreePermission#canReadProperties'
> ------------------------------------------------------------------------------------
>                 Key: OAK-1147
>                 URL: https://issues.apache.org/jira/browse/OAK-1147
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>            Reporter: angela
>            Assignee: angela
>         Attachments: OAK-1147.patch
> the methods #getProperties and #getPropertyCount have a shortcut for those cases where
all properties are accessible.
> however, the current implemention requires SecurityContext#canReadAll to return true
in order to enable the shortcut. without knowing the very details of the SecureNodeState/Builder
i would have expected that #canReadAllProperties would be sufficient.
> [~jukkaz], do you remember what was the reason for using #canReadAll here? i changed
it for test purpose and didn't see any difference... but that may also imply that we don't
have enough or specific tests for this.

This message was sent by Atlassian JIRA

View raw message