angela created OAK-1998:
---------------------------
Summary: Accessible tree below a non-accessible parent are
HiddenTree
Key: OAK-1998
URL: https://issues.apache.org/jira/browse/OAK-1998
Project: Jackrabbit Oak
Issue Type: Bug
Components: core
Affects Versions: 1.0.4
Reporter: angela
fixing OAK-1441 introduced a regression with respect to trees that are
accessible though one of their parent nodes isn't. The problem is that the fix
for OAK-1441 doesn't distinguish between 'hidden' trees and trees that are not
accessible.
- Hidden Trees: the complete subtree defined by the tree starting with ":" must
be hidden irrespective of the access control setup. example: Index.
- Non-Accessible Tree: This is a matter of access control setup and it might be
that a child node is readable again. Example: the version store is not
accessible by default but the individual version histories (and versions) are
accessible if the corresponding versionable node is.
The second use case is broken due to the missing distinction and the fact the a
HiddenTree always makes a child node hidden.
Proposed solution: I think we have to make a clear separation between hidden
trees and trees that are not accessible and which are not hidden.
the former defines a complete tree that is hidden (current approach is correct)
but for the latter we need proper permission evaluation upon access... these
nodes must not be "HiddenTree"s.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
