All, I will go ahead and commit J2-475 today. I ran into a couple unit test issues but should have this completed today. Thanks for all your hard work David.
Regards, David Le Strat --- David Jencks <[EMAIL PROTECTED]> wrote: > I have some more ideas on how the jetspeed > permissions might be > changed so many fewer permission checks are needed. > However, before > I start working on them I really need to wait for > JS2-475 to be > resolved. I've now spent a lot of time redoing > patches for 475 due > both to my own lack of care to save enough versions > of my work and > overlapping patches and even more due to the code > changing under my > patch and having to reimplement portions in the > changed code. I > believe the code in JS2-444 geronmo-jetspeed11.zip > is current with > jetspeed source. i may have trouble justifying much > more time spent > keeping it up to date with source changes. > > So, my ideas: > > I think it is possible to combine PagePermission and > FolderPermission > into one, perhaps PathPermission with slightly more > complex patch > comparison operations. I don't understand how > FragmentPermission is > used well enough yet to have an idea as to whether > FragmentPermission > can also use the same class. The goal here is to > construct a single > PathPermission for a request and evaluate it against > the set of > PathPermissions for the user. If we can test a > PagePermission > against a FolderPermission then at least one fewer > call into > AccessController will be needed if the access is > granted by a > FolderPermission rather than a PagePermission. > > The other idea is that it should not be necessary to > recursively > check folder view permissions down to the root. > This can be > precomputed statically before runtime so that the > permissions set > only includes view permissions for which every > folder on the path to > the root has view access. > > I've previously mentioned the possibility of > converting the > constraints system to use masks rather than > extensive string > manipulations, in line with the permissions changes > in JS2-475. On > the other hand there is a lot of duplicate logic > between the > permissions and constraint security implementations > and I wonder if > it would be possible to either base the logic > decisions in the > constraints on permission instances or simply extend > the permissions > system to have the same capabilities of the > constraints system and > use only permissions. Again, I can't really move > forward on this > until JS2-475 is resolved. > > Many thanks, > david jencks > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > ________________________ David Le Strat Blogging @ http://dlsthoughts.blogspot.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
