[
https://issues.apache.org/jira/browse/OAK-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627698#comment-13627698
]
Michael Dürig commented on OAK-766:
-----------------------------------
{{TreeLocation}} was introduced to separate tree navigability from access
control on the tree level.
If we move permission evaluation to the node state level, we should IMO get rid
of {{TreeLocation}} and its implementations. Instead we should leverage /
extend the concept of iterability and existence of node states to meet the
specific requirements here.
> TreeImpl#NodeLocation does not allow to retrieve child location if access to
> parent is denied
> ---------------------------------------------------------------------------------------------
>
> Key: OAK-766
> URL: https://issues.apache.org/jira/browse/OAK-766
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Reporter: angela
>
> as a consequence of OAK-709 we now have an issue with the way
> SessionDelegate and Root#getLocation access a node in the hierarchy
> which has an ancestor which is not accessible.
> specifically RootImpl#getLocation will be served a NullLocation for the
> first ancestor which is not accessible and consequently any accessible
> child node cannot be accessed.
> in order to reproduce the issue you may:
> - change AccessControlConfigurationImpl to use PermissionProviderImpl instead
> of the tmp solution
> - and run o.a.j.oak.jcr.security.authorization.ReadTest#testReadDenied
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
