Add the ability to disable inheriting ancestor ACLs
---------------------------------------------------
Key: JCR-2488
URL: https://issues.apache.org/jira/browse/JCR-2488
Project: Jackrabbit Content Repository
Issue Type: Improvement
Components: security
Affects Versions: 2.0.0
Reporter: Weston Bustraan
Priority: Minor
The current ACL implementation will walk the tree from the item being accessed,
up to the root, collecting ACL entries for all the ancestors. With this system,
there is no easy way to restrict access to subnodes except by adding DENY
entries to negate the entries inherited from the parent nodes.
I'd like to request a way to turn this behavior off either at a node level or
global level.
The place where recursion is happening is in
org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$Entries.collectEntries(NodeImpl
node). Inside this method, it could perhaps check a global parameter or the
existence of property of the ACL policy node to determine whether to recurse up
the tree.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
