[
https://issues.apache.org/jira/browse/OAK-1998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Dürig resolved OAK-1998.
--------------------------------
Resolution: Fixed
> Accessible tree below a non-accessible parent are HiddenTree
> ------------------------------------------------------------
>
> Key: OAK-1998
> URL: https://issues.apache.org/jira/browse/OAK-1998
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0, 1.0.1, 1.0.2, 1.0.3
> Reporter: angela
> Assignee: Michael Dürig
> Priority: Critical
> Fix For: 1.1, 1.0.4
>
> Attachments: OAK-1998_(tests).patch
>
>
> fixing OAK-1441 introduced a regression with respect to trees that are
> accessible though one of their parent nodes isn't. The problem is that the
> fix for OAK-1441 doesn't distinguish between 'hidden' trees and trees that
> are not accessible.
> - Hidden Trees: the complete subtree defined by the tree starting with ":"
> must be hidden irrespective of the access control setup. example: Index.
> - Non-Accessible Tree: This is a matter of access control setup and it might
> be that a child node is readable again. Example: the version store is not
> accessible by default but the individual version histories (and versions) are
> accessible if the corresponding versionable node is.
> The second use case is broken due to the missing distinction and the fact the
> a HiddenTree always makes a child node hidden.
> Proposed solution: I think we have to make a clear separation between hidden
> trees and trees that are not accessible and which are not hidden.
> the former defines a complete tree that is hidden (current approach is
> correct) but for the latter we need proper permission evaluation upon
> access... these nodes must not be "HiddenTree"s.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
