jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Dürig (JIRA) <j...@apache.org>
Subject [jira] [Updated] (OAK-1998) Accessible tree below a non-accessible parent are HiddenTree
Date Tue, 29 Jul 2014 16:07:39 GMT

     [ https://issues.apache.org/jira/browse/OAK-1998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Michael Dürig updated OAK-1998:

    Assignee: angela  (was: Michael Dürig)

> Accessible tree below a non-accessible parent are HiddenTree
> ------------------------------------------------------------
>                 Key: OAK-1998
>                 URL: https://issues.apache.org/jira/browse/OAK-1998
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.0, 1.0.1, 1.0.2, 1.0.3
>            Reporter: angela
>            Assignee: angela
>            Priority: Critical
>             Fix For: 1.0.4
>         Attachments: OAK-1998_(tests).patch
> fixing OAK-1441 introduced a regression with respect to trees that are accessible though
one of their parent nodes isn't. The problem is that the fix for OAK-1441 doesn't distinguish
between 'hidden' trees and trees that are not accessible.
> - Hidden Trees: the complete subtree defined by the tree starting with ":" must be hidden
irrespective of the access control setup. example: Index.
> - Non-Accessible Tree: This is a matter of access control setup and it might be that
a child node is readable again. Example: the version store is not accessible by default but
the individual version histories (and versions) are accessible if the corresponding versionable
node is.
> The second use case is broken due to the missing distinction and the fact the a HiddenTree
always makes a child node hidden.
> Proposed solution: I think we have to make a clear separation between hidden trees and
trees that are not accessible and which are not hidden.
> the former defines a complete tree that is hidden (current approach is correct) but for
the latter we need proper permission evaluation upon access... these nodes must not be "HiddenTree"s.

This message was sent by Atlassian JIRA

View raw message