[
https://issues.apache.org/jira/browse/OAK-2807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela resolved OAK-2807.
-------------------------
Resolution: Later
Resolving LATER as so far nobody came up with a proposal to implement
{{TreePermission.canReadAll}} for non-administrative principal set. Please note
that in the mean time this not only needed to be implemented for the default
implementation but also for the {{CugPermissionProvider}} located in
{{oak-authorization-cug}}.
> Improve getSize performance for "public" content
> ------------------------------------------------
>
> Key: OAK-2807
> URL: https://issues.apache.org/jira/browse/OAK-2807
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: query, security
> Affects Versions: 1.0.13, 1.2
> Reporter: Michael Marth
>
> Certain operations in the query engine like getting the size of a result set
> or facets are expensive to compute due to the fact that ACLs need to be
> computed on the entire result set. This issue is to discuss an idea how we
> could improve this:
> There is a very common special case: content (a subtree) that is readable by
> everyone (anonymous). If we mark an index on that subtree as "readable by
> everyone" on index creation then we could skip ACL check on the result set or
> precompute/cache certain query results.
> In order to avoid information leakage the index would have to be marked
> "invalid" as soon as one node in that sub-tree is not readable by everyone
> anymore. (could be checked through a commit hook)
> Maybe this concept could even be generalized later to work with other
> principals than everyone.
> Just an idea - feel free to poke holes and shoot it down :)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
