[jira] [Comment Edited] (OAK-8155) CompositePermissionProvider: add possibility to abort evaluation

Wed, 08 May 2019 05:19:13 -0700 


    [ 
https://issues.apache.org/jira/browse/OAK-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16835541#comment-16835541
 ] 

angela edited comment on OAK-8155 at 5/8/19 12:18 PM:
------------------------------------------------------

[~stillalex], improved patch that would only allow for abortion if the given 
{{AggregatedPermissionProvider}} supported the targeted permissions, 
essentially moving the test for abortion inside the {{doEvaluate}} blocks. test 
patch reflects that by covering both cases: 
a) the aborting provider supports the target permission -> doAbort is invoked 
and the subsequent providers are omitted from the evaluation, 
b) the aborting provider returns NO_PERMISSION -> doAbort is never invoked and 
all providers take part in the evaluation.


was (Author: anchela):
[~stillalex], improved patch that would only allow for abortion if the given 
{{AggregatedPermissionProvider}} supported the targeted permissions, 
essentially moving the test for abortion inside the {{doEvaluate}} blocks. test 
patch reflects that by covering both cases: a) the aborting provider supports 
the target permission -> doAbort is invoked and the subsequent providers are 
omitted from the evaluation, b) the aborting provider returns NO_PERMISSION -> 
doAbort is never invoked and all providers take part in the evaluation.

> CompositePermissionProvider: add possibility to abort evaluation
> ----------------------------------------------------------------
>
>                 Key: OAK-8155
>                 URL: https://issues.apache.org/jira/browse/OAK-8155
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: security, security-spi
>            Reporter: angela
>            Assignee: angela
>            Priority: Major
>         Attachments: OAK-8155-2-test.patch, OAK-8155-2.patch, 
> OAK-8155-test.patch, OAK-8155.patch
>
>
> when aggregating multiple authorization models we currently have the ability 
> to choose between CompositionType.AND and CompositionType.OR for the 
> evaluation of effective permissions. In other words as soon as more than 1 
> PermissionProvider is present for the evaluation the results of that 
> evaluation are either combined in an AND or OR fashion.
> however, we currently lack the ability to stop or abort the evaluation if a 
> given provider instance was 'sufficient' to determine if a given set of 
> permissions is granted or denied. 
> [~stillalex], let's discuss ideas and options on how we could achieve this.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to