angela (JIRA)
Mon, 08 Feb 2010 23:47:53 -0800
[
https://issues.apache.org/jira/browse/JCR-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12831338#action_12831338
]
angela commented on JCR-2488: ----------------------------- not sure if i like this idea. it's the behavior of this ACLProvider that the entries inherited from the parent nodes are respected. however, i'm currently working on the performance of ac evaluation and i planned to moved the collection of effective ACEs to a top level class. i could easily add means so you can provide your own collector that doesn't walk up the hierarchy. > Add the ability to disable inheriting ancestor ACLs > --------------------------------------------------- > > Key: JCR-2488 > URL: https://issues.apache.org/jira/browse/JCR-2488 > Project: Jackrabbit Content Repository > Issue Type: Improvement > Components: security > Affects Versions: 2.0.0 > Reporter: Weston Bustraan > Priority: Minor > > The current ACL implementation will walk the tree from the item being > accessed, up to the root, collecting ACL entries for all the ancestors. With > this system, there is no easy way to restrict access to subnodes except by > adding DENY entries to negate the entries inherited from the parent nodes. > I'd like to request a way to turn this behavior off either at a node level or > global level. > The place where recursion is happening is in > org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$Entries.collectEntries(NodeImpl > node). Inside this method, it could perhaps check a global parameter or the > existence of property of the ACL policy node to determine whether to recurse > up the tree. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.