[
https://issues.apache.org/jira/browse/OAK-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633972#comment-13633972
]
angela commented on OAK-766:
----------------------------
another possibility was to drop the SecureNodeState and check accessibility on
TreeImpl.
in other words: let the TreeLocation operate on the un-checked NodeState and
only perform
check for accessibility once the Tree/Property is really accessed.
IMO we currently perform far to much accessibility checks while accessing items
in the hierarchy. for admin we can optimize this but for all regular users that
don't have read-access in the complete subtree this will lead to extra
evaluation.
> TreeImpl#*Location: unable retrieve child location if access to parent is
> denied
> --------------------------------------------------------------------------------
>
> Key: OAK-766
> URL: https://issues.apache.org/jira/browse/OAK-766
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Reporter: angela
> Assignee: Michael Dürig
> Attachments: OAK-766-patch.txt
>
>
> as a consequence of OAK-709 we now have an issue with the way
> SessionDelegate and Root#getLocation access a node in the hierarchy
> which has an ancestor which is not accessible.
> specifically RootImpl#getLocation will be served a NullLocation for the
> first ancestor which is not accessible and consequently any accessible
> child node cannot be accessed.
> in order to reproduce the issue you may:
> - change AccessControlConfigurationImpl to use PermissionProviderImpl instead
> of the tmp solution
> - and run o.a.j.oak.jcr.security.authorization.ReadTest#testReadDenied
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
