[
https://issues.apache.org/jira/browse/OAK-7937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Angela Schreiber updated OAK-7937:
----------------------------------
Fix Version/s: 1.20.0
> Implement CugAccessControlManager.getEffectivePolicies(Set<Principal>
> principals)
> ---------------------------------------------------------------------------------
>
> Key: OAK-7937
> URL: https://issues.apache.org/jira/browse/OAK-7937
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: authorization-cug, security
> Reporter: Angela Schreiber
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: 1.20.0
>
>
> today CugAccessControlManager.getEffectivePolicies(Set<Principal> principals)
> returns an empty array and has a comment stating that this is not implemented.
> having thought this through again, i think there was some benefit in having
> the implementation. as long as the given set of principal does NOT include
> everyone the return value should just include the CUG-policies that
> explicitly list any of principals. IF _everyone_ was part of the set, the
> return-value basically includes _all_ CUG-policies, because every CUG will
> deny read-access for everyone except for the principals explicitly listed in
> the CUG-policy... if we do the latter as lazy as possible it might still be
> doable even in a scenario, when there are tons of CUG-policies specified.
> [~stillalex], wdyt? do you want to take care of this?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
