[GitHub] [jackrabbit-oak] anchela commented on a change in pull request #471: OAK-9675 allow authorizable properties defined by a mixin

Thu, 10 Feb 2022 05:53:11 -0800 


anchela commented on a change in pull request #471:
URL: https://github.com/apache/jackrabbit-oak/pull/471#discussion_r803695863



##########
File path: 
oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java
##########
@@ -234,9 +236,34 @@ private PropertyState getAuthorizableProperty(@NotNull 
Tree authorizableTree, @N
         }
         ReadOnlyNodeTypeManager nodeTypeManager = 
authorizable.getUserManager().getNodeTypeManager();
         PropertyDefinition def = nodeTypeManager.getDefinition(parent, 
property, true);
-        if (def.isProtected() || (authorizablePath.equals(parent.getPath())
-                && 
!def.getDeclaringNodeType().isNodeType(UserConstants.NT_REP_AUTHORIZABLE))) {
+        if (def.isProtected()) {
+            // exclude all protected properties
             return null;
+        } else if (authorizablePath.equals(parent.getPath())) {
+            // non-protected properties on the root must be defined by the 
expected
+            //  primary type or one of the configured mixin types
+            Boolean allowed = null;
+            NodeType declaringNodeType = def.getDeclaringNodeType();
+            if 
(declaringNodeType.isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
+                // defined by the expected primary type so allowed
+                allowed = Boolean.TRUE;

Review comment:
       @enapps-enorman , thanks for the insight.... and yes.... i am always 
curious to understand the reason behind a feature request or a patch. so 
thanks..... and it helps.
   
   i am still wondering if it would make sense to automatically add the 
configured mixin types to the node that holds the authorizable-properties. that 
would avoid that developers have to make some assumptions about the way user 
properties are being stored in the repository.... in particular if the 
properties are stored with an relative path.... because i guess you would not 
want such huge binaries to be uploaded to <user-node>/some/subtree either, 
would you?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to