[ https://issues.apache.org/jira/browse/OAK-1163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13827962#comment-13827962 ]

angela commented on OAK-1163:
-----------------------------

I ignore the very details of the observation code, but apart from that it 
looks reasonable.
I would suggest to go ahead and create specific tests to verify that it works 
as expected... Furthermore, it's IMO important to address the FIXME in the 
SessionContext. I would just move it from the AccessManager to a 
PermissionProvider-wrapper that would be kept in the SessionContext and which 
was responsible for the refresh... With the current solution the access manager 
may return different results than the permission provider in the observation 
manager.

> Observation events should respect permissions
> ---------------------------------------------
>
>                 Key: OAK-1163
>                 URL: https://issues.apache.org/jira/browse/OAK-1163
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: core, jcr, security
>            Reporter: Alexander Klimetschek
>              Labels: observation
>
> The JCR observation implementation in Oak does not evaluate ACLs yet, so any 
> session currently sees all events. {{SecureValidator}} is the intended place 
> to do the checks.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
