Hi, On Wed, Apr 10, 2013 at 12:30 PM, Angela Schreiber <[email protected]> wrote: > my point is that permission evaluation should only occur if the > corresponding tree or property is really being read.
Pre-evaluating the permissions for a node with no children should be fine from that perspective, as it's highly likely that the client is going to read that node instead of trying to traverse the tree further. > as i stated before this currently doesn't work with the way the > readstatus is being calculated... it would need to check > for 'read + read-access-control' in order to be really sure that > ALL items including access control content can be read. Note that by definition a node with no children can have no access control content below it. Thus the READ_ALL (or just READ_THIS_PROPERTIES) check should be everything that's needed to guarantee full access to that node. BR, Jukka Zitting
