[
https://issues.apache.org/jira/browse/JCR-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12831338#action_12831338
]
angela commented on JCR-2488:
-----------------------------
not sure if i like this idea. it's the behavior of this ACLProvider that the
entries inherited from the parent nodes
are respected.
however, i'm currently working on the performance of ac evaluation and i
planned to moved the collection of effective ACEs to a top level class. i could
easily add means so you can provide your own collector that doesn't walk up the
hierarchy.
> Add the ability to disable inheriting ancestor ACLs
> ---------------------------------------------------
>
> Key: JCR-2488
> URL: https://issues.apache.org/jira/browse/JCR-2488
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Weston Bustraan
> Priority: Minor
>
> The current ACL implementation will walk the tree from the item being
> accessed, up to the root, collecting ACL entries for all the ancestors. With
> this system, there is no easy way to restrict access to subnodes except by
> adding DENY entries to negate the entries inherited from the parent nodes.
> I'd like to request a way to turn this behavior off either at a node level or
> global level.
> The place where recursion is happening is in
> org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$Entries.collectEntries(NodeImpl
> node). Inside this method, it could perhaps check a global parameter or the
> existence of property of the ACL policy node to determine whether to recurse
> up the tree.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
