jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tommaso Teofili (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-2473) ACL checks on suggestions
Date Fri, 06 Feb 2015 14:25:34 GMT

    [ https://issues.apache.org/jira/browse/OAK-2473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14309213#comment-14309213

Tommaso Teofili commented on OAK-2473:

the approached discussed offline with [~chetanm] and [~tmueller] is to run the suggest query
unfiltered and then to run another query for each of the returned suggestion to check if the
calling user is allowed to read at least one of the resulting nodes.
Possible implementations are:
- in the query engine, pros: generic implement once, cons: possibly complex to run reentrant
queries, not possible to leverage any index specific capability
- in the index implementations, pros: possible to leverage specific index implementations,
easier to run multiple queries in one JCR / Oak query, cons: need to implement ACL check mechanism
for suggestion per index

> ACL checks on suggestions
> -------------------------
>                 Key: OAK-2473
>                 URL: https://issues.apache.org/jira/browse/OAK-2473
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: query
>            Reporter: Tommaso Teofili
>             Fix For: 1.1.7
> Support for ACL check suggestions needs to be added to avoid providing suggestions coming
from index data whose source nodes / properties were not meant to be readable from the calling

This message was sent by Atlassian JIRA

View raw message