[
https://issues.apache.org/jira/browse/OAK-2423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287274#comment-14287274
]
Thomas Mueller edited comment on OAK-2423 at 1/26/15 9:42 AM:
--------------------------------------------------------------
The {{PermissionProvider}} can be obtained from the
{{AuthorizationConfiguration}} which in turn can be accessed from the
{{SecurityProvider}}. something like:
{{getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getPermissionProvider(...)}}
the call requires a {{Root}}, the workspace name and the set of {{Principal}}s
associated with the reading content session. for the query use-case i would
however try to pass the permission or security provider into the
{{QueryEngine}} by extending the {{ExecutionContext}} as the {{Root}} interface
doesn't allow to access the associated security related
configurations/providers.
was (Author: anchela):
The {{PermissionProvider}} can be obtained from the
{{AuthorizationConfiguration}} which in turn can be accessed from the
{{SecurityProvider}}. something like:
{{getSecurityProvider().getConfiguration(AuthorizationConfiguration.class)}.getPermissionProvider(...)}
the call requires a {{Root}}, the workspace name and the set of {{Principal}}s
associated with the reading content session. for the query use-case i would
however try to pass the permission or security provider into the
{{QueryEngine}} by extending the {{ExecutionContext}} as the {{Root}} interface
doesn't allow to access the associated security related
configurations/providers.
> Add PermissionProvider.canRead
> ------------------------------
>
> Key: OAK-2423
> URL: https://issues.apache.org/jira/browse/OAK-2423
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Attachments: OAK-2423.patch
>
>
> As discussed with [~tmueller] and [~teofili], it might be beneficial for
> query performance if it was possible to determine read-access without having
> to create the {{Tree}} (and thus the hierarchy). The latter (as present with
> {{TreePermission.canRead}}) is suited for regular repository read operations
> where the tree hierarchy is built anyway.
> since {{PermissionProvider.isGranted(String oakPath, String jcrActions)}}
> requires to resolve the path to properly deal with write operations, i would
> suggest to evaluate if adding {{PermissionProvider.canRead(@Nonnull String
> treePath, @Nullable String propertyName}} would give us some performance gain
> in the query case.
> initial (untested) draft attached for basic evaluation. proper unit and
> benchmark testing are required.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
