hi jukka

sure... that's correct. but the original code didn't apply this
for leaf-only nodes. if you want to add this optimization, just
go ahead; READ_THIS_PROPERTIES was in this case sufficient.

regards
angela

On 4/10/13 11:43 AM, Jukka Zitting wrote:
> Hi,
>
> On Wed, Apr 10, 2013 at 12:30 PM, Angela Schreiber<[email protected]> wrote:
>> my point is that permission evaluation should only occur if the
>> corresponding tree or property is really being read.
>
> Pre-evaluating the permissions for a node with no children should be
> fine from that perspective, as it's highly likely that the client is
> going to read that node instead of trying to traverse the tree
> further.
>
>> as i stated before this currently doesn't work with the way the
>> readstatus is being calculated... it would need to check
>> for 'read + read-access-control' in order to be really sure that
>> ALL items including access control content can be read.
>
> Note that by definition a node with no children can have no access
> control content below it. Thus the READ_ALL (or just
> READ_THIS_PROPERTIES) check should be everything that's needed to
> guarantee full access to that node.
>
> BR,
>
> Jukka Zitting
