[ https://issues.apache.org/jira/browse/OAK-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627713#comment-13627713 ]
angela commented on OAK-766: ---------------------------- [~mduerig] the problem is that there is no way on the OAK api to navigate to a property if access to the parent is not allowed. therefore it doesn't help dropping the TreeLocation if we don't add an equivalent on the oak-api. this could be any of: - Root#getProperty(String absPath) in addition to the existing Root#getTree(absPath) - Tree#getProperty(String relativePath) and Tree#getTree(String relativePath) - ... i don't care too much how we make that available as long as we have it available and respect our security requirements that a tree is not accessible if the corresponding Node isn't. > TreeImpl#NodeLocation does not allow to retrieve child location if access to > parent is denied > --------------------------------------------------------------------------------------------- > > Key: OAK-766 > URL: https://issues.apache.org/jira/browse/OAK-766 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core > Reporter: angela > > as a consequence of OAK-709 we now have an issue with the way > SessionDelegate and Root#getLocation access a node in the hierarchy > which has an ancestor which is not accessible. > specifically RootImpl#getLocation will be served a NullLocation for the > first ancestor which is not accessible and consequently any accessible > child node cannot be accessed. > in order to reproduce the issue you may: > - change AccessControlConfigurationImpl to use PermissionProviderImpl instead > of the tmp solution > - and run o.a.j.oak.jcr.security.authorization.ReadTest#testReadDenied -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira