[ https://issues.apache.org/jira/browse/OAK-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627713#comment-13627713 ]

angela commented on OAK-766:
----------------------------

[~mduerig] the problem is that there is no way on the OAK api to navigate to
a property if access to the parent is not allowed. therefore it doesn't help
dropping the TreeLocation if we don't add an equivalent on the oak-api. this
could be any of:

- Root#getProperty(String absPath) in addition to the existing Root#getTree(absPath)
- Tree#getProperty(String relativePath) and Tree#getTree(String relativePath)
- ...

i don't care too much how we make that available as long as we have it
available and respect our security requirements that a tree is not accessible
if the corresponding Node isn't.

> TreeImpl#NodeLocation does not allow to retrieve child location if access to parent is denied
> ---------------------------------------------------------------------------------------------
>
>                 Key: OAK-766
>                 URL: https://issues.apache.org/jira/browse/OAK-766
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>            Reporter: angela
>
> as a consequence of OAK-709 we now have an issue with the way
> SessionDelegate and Root#getLocation access a node in the hierarchy
> which has an ancestor which is not accessible.
> specifically RootImpl#getLocation will be served a NullLocation for the
> first ancestor which is not accessible and consequently any accessible
> child node cannot be accessed.
> in order to reproduce the issue you may:
> - change AccessControlConfigurationImpl to use PermissionProviderImpl instead
>   of the tmp solution
> - and run o.a.j.oak.jcr.security.authorization.ReadTest#testReadDenied
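
A toy model of the behaviour discussed in this issue, added here as an illustration and not Oak code: step-wise navigation loses every readable descendant of a denied ancestor, while a lookup by absolute path (the shape of the proposed Root#getProperty(String absPath)) checks only the target item and still keeps the denied node itself hidden. The class, the method names and the sample paths are constructed for this example.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Toy model (not Oak code): a set of paths stands in for the repository
// content and a deny-set stands in for the permission provider.
public class HiddenAncestorDemo {
    // Constructed sample content: /a is denied, /a/b and /a/b/prop are readable.
    static final Set<String> ITEMS = Set.of("/", "/a", "/a/b", "/a/b/prop");
    static final Set<String> DENIED = Set.of("/a");

    static boolean canRead(String path) {
        return ITEMS.contains(path) && !DENIED.contains(path);
    }

    // Step-wise navigation as described in the issue: the first unreadable
    // ancestor ends the walk, so every descendant is lost with it.
    static Optional<String> resolveStepwise(String absPath) {
        String current = "/";
        if (!canRead(current)) return Optional.empty();
        for (String name : absPath.split("/")) {
            if (name.isEmpty()) continue;
            current = current.equals("/") ? "/" + name : current + "/" + name;
            if (!canRead(current)) return Optional.empty();
        }
        return Optional.of(current);
    }

    // Lookup by absolute path: only the target item is permission-checked,
    // so a denied item stays hidden but its readable descendants are reachable.
    static Optional<String> resolveByPath(String absPath) {
        return canRead(absPath) ? Optional.of(absPath) : Optional.empty();
    }

    public static void main(String[] args) {
        for (String p : List.of("/a", "/a/b", "/a/b/prop")) {
            System.out.printf("%-10s stepwise=%-5b byPath=%b%n", p,
                resolveStepwise(p).isPresent(), resolveByPath(p).isPresent());
        }
    }
}
```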
