Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

Hi, On Wed, Mar 20, 2013 at 12:24 PM, Jukka Zitting jukka.zitt...@gmail.com wrote: To address that case I was thinking that we could revise the getChildNode() contract to *always* return a new NodeState even if the named child node did not exist. Coupled with something like a new

RE: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

OK, thanks. This clarifies things quite a bit. regards marcel On Thu, Mar 21, 2013 at 3:02 PM, Marcel Reutegger mreut...@adobe.com wrote: Do we really understand well enough what the consequences are moving permission evaluation even further down? I.e. *below* the NodeState API?

Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

Hi, On Thu, Mar 21, 2013 at 3:02 PM, Marcel Reutegger mreut...@adobe.com wrote: Do we really understand well enough what the consequences are moving permission evaluation even further down? I.e. *below* the NodeState API? That's where I originally envisioned it to be taking place, as a mostly

Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

hi bart Well that reduces the question to just *how* to do it ;-) sure... I was just jumping in because we experienced many problems with this use case with JR2 and was wondering if it's was worth the effort to support it. right... but there is no much use for us in creating a default

Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

On Wed, Mar 20, 2013 at 11:24 AM, Jukka Zitting jukka.zitt...@gmail.com wrote: The only complication there, as already discussed before, is the inability of the current NodeState interface to handle cases where a child node is readable even if its parent is not. This is a quite problematic

Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

On Wed, Mar 20, 2013 at 1:11 PM, Jukka Zitting jukka.zitt...@gmail.com wrote: Hi, On Wed, Mar 20, 2013 at 1:34 PM, Bart van der Schans b.vandersch...@onehippo.com wrote: This is a quite problematic use-case. Depends on your point of view. The way I see it, the scenario is equivalent to a

Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

On Wed, Mar 20, 2013 at 12:42 PM, Angela Schreiber anch...@adobe.com wrote: On 3/20/13 12:34 PM, Bart van der Schans wrote: On Wed, Mar 20, 2013 at 11:24 AM, Jukka Zittingjukka.zitt...@gmail.com wrote: The only complication there, as already discussed before, is the inability of the

Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-co

hi jukka i like the idea of having read permission enforced on the node state level and avoid the null checks as it is a similar approach we are currently having by the treelocation concept that michael introduced some time ago. the only thing i keep struggling with is: i don't want to evaluate