Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.18
    • Component/s: core, jcr
    • Labels:
      None

      Description

      This subtask goes along with OAK-526: for efficient permission
      evaluation the compiledpermission implementation should not attempt
      to collect the relevant ac-content such as looked at and written by
      the jcr ac-mgt implementation. Instead it should make use of the
      persisted effective permission for the dedicated set of principals
      that forms the subject of a given contentsession.

      tbd:

      • privileged access to the effective permission store (independent of
        the content sessions permission)
      • ability to read all required information from the target tree/property
        that is passed to the hasPermission/canRead call.
      • efficient handling of pluggable restrictions
      • special handling for access control content and items residing inside
        the version store.

          Issue Links

          1. TreeImpl#canRead: pass ImmutableTree to permission provider (Sub-task, Closed, Unassigned)
          2. Redefine PermissionProvider#canRead (Sub-task, Closed, Unassigned)
          3. Make workspace name available with the permission provider (Sub-task, Closed, angela)
          4. Review interaction between AccessControlManager and PermissionManager (Sub-task, Closed, angela)
          5. SecureNodeState#getChildNodeCount and #getPropertyCount: don't respect read permissions (Sub-task, Closed, Unassigned)
          6. Consider moving permission evaluation to the node state level (Sub-task, Closed, Unassigned)
          7. Authorization for the jcr version store (Sub-task, Closed, angela)
          8. PermissionValidator: Backwards compatible permission evaluation for moving/renaming nodes (Sub-task, Closed, angela)
          9. PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege (Sub-task, Closed, angela)
          10. Implement AC-Postprocessing in PermissionHook (Sub-task, Closed, angela)
          11. Calculate readstatus (Sub-task, Resolved, angela)
          12. PermissionValidator: add compatibility flag to ignore USER_MGT permission (Sub-task, Closed, angela)
          13. Accessibility of NodeTypes, Namespaces and Privileges (Sub-task, Closed, angela)
          14. PermissionValidator: proper check for jcr:uuid modifications. (Sub-task, Closed, Unassigned)
          15. Review remove permissions (Sub-task, Closed, angela)
          16. Performance measurement (Sub-task, Closed, angela)
          17. Faster anonymous read operations (Sub-task, Resolved, Unassigned)
          18. Revisit/Improve CompiledPermissionImpl.getTreePermission() (Sub-task, Closed, Unassigned)
          19. Implement global per principal permission entry cache (Sub-task, Closed, Tobias Bocanegra; progress 0%, Original Estimate 24h, Remaining Estimate 24h)
          20. Inconsistent entry filtering for ADD_NODE and REMOVE_NODE permission (Sub-task, Closed, angela)

              People

              • Assignee:
                anchela angela
                Reporter:
                anchela angela
              • Votes:
                0
                Watchers:
                2


                  Time Tracking

                  Estimated: 24h
                  Remaining: 24h
                  Logged: Not Specified