[jira] [Comment Edited] (OAK-1998) Accessible tree below a non-accessible parent are HiddenTree

Tue, 29 Jul 2014 05:26:13 -0700 

    [ 
https://issues.apache.org/jira/browse/OAK-1998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077657#comment-14077657
 ] 

angela edited comment on OAK-1998 at 7/29/14 12:24 PM:
-------------------------------------------------------

raising severity as requested by vlad petcu who run into this issue due to 
broken version related features. Note however, that the problem is not limited 
to version related code but affects all cases where a subtree is readable while 
the parent isn't.


was (Author: anchela):
raising severity as requested by vlad petcu who run into this issue due to 
broken version related features.

> Accessible tree below a non-accessible parent are HiddenTree
> ------------------------------------------------------------
>
>                 Key: OAK-1998
>                 URL: https://issues.apache.org/jira/browse/OAK-1998
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.0, 1.0.1, 1.0.2, 1.0.3
>            Reporter: angela
>            Priority: Critical
>             Fix For: 1.0.4
>
>         Attachments: OAK-1998_(tests).patch
>
>
> fixing OAK-1441 introduced a regression with respect to trees that are 
> accessible though one of their parent nodes isn't. The problem is that the 
> fix for OAK-1441 doesn't distinguish between 'hidden' trees and trees that 
> are not accessible.
> - Hidden Trees: the complete subtree defined by the tree starting with ":" 
> must be hidden irrespective of the access control setup. example: Index.
> - Non-Accessible Tree: This is a matter of access control setup and it might 
> be that a child node is readable again. Example: the version store is not 
> accessible by default but the individual version histories (and versions) are 
> accessible if the corresponding versionable node is.
> The second use case is broken due to the missing distinction and the fact the 
> a HiddenTree always makes a child node hidden.
> Proposed solution: I think we have to make a clear separation between hidden 
> trees and trees that are not accessible and which are not hidden.
> the former defines a complete tree that is hidden (current approach is 
> correct) but for the latter we need proper permission evaluation upon 
> access... these nodes must not be "HiddenTree"s.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to