[jira] [Commented] (OAK-6356) Allow CompositePermissionProvider to OR entries

Mon, 26 Jun 2017 01:54:07 -0700 

    [ 
https://issues.apache.org/jira/browse/OAK-6356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16062802#comment-16062802
 ] 

angela commented on OAK-6356:
-----------------------------

[~stillalex], looks really good. minor/trivial findings as i am looking at the 
patch:

* {{SecurityProviderRegistration}}: 
** trivial: I would add to the description of the 
{[authorizationCompositionType}} property a hint that _AND_ is the default, 
matching the original behavior.
** minor: missing nullable/checkfornull/nonnull annotations with 
{{getAuthorizationCompositionType}}
* {{CompositeAuthorizationConfiguration.CompositionType}}: 
** minor: i would prefer if the {{withCompositionType}} method had explicity 
nullable/checkfornull/nonnull annotation for the param.
** trivial: my IDE claims that that the static modifier is redundant
** trivial: what about adding a 'fromString' method to have everything contain 
in the enum instead of having the check in 
{{CompositeAuthorizationConfiguration.withCompositionType(String ct)}}
* {{CompositeTreePermission}}
** minor: nonnull-annotation is missing for the {{CompositionType}} in the 
constructor and the static create method
* {{CompositePermissionProvider.CompositeRepositoryPermissions}}
** minor: new construction lacks nonnull annotations :-)

will now also take a look at the tests.

> Allow CompositePermissionProvider to OR entries
> -----------------------------------------------
>
>                 Key: OAK-6356
>                 URL: https://issues.apache.org/jira/browse/OAK-6356
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: core, security
>            Reporter: Alex Deparvu
>            Assignee: Alex Deparvu
>             Fix For: 1.7.3
>
>         Attachments: OAK-6356.patch, OAK-6356-v2.patch
>
>
> Currently the {{CompositePermissionProvider}} ANDs the entries and if any of 
> those denies a check, all the chain will fail early. I'd like to extend this 
> mechanism to 'OR' items if needed.
> A first application of this ORing could be the multiplexed permission store 
> where the default store could deny a check but a mount could allow it, so it 
> could be seen as valid.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to