  1. Jackrabbit Oak
  2. OAK-527

Implement Permission evaluation

Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.18
    • Component/s: core, jcr
    • Labels: None

    Description

      This subtask goes along with OAK-526: for efficient permission
      evaluation, the compiled permission implementation should not attempt
      to collect the relevant AC content such as looked at and written by
      the JCR AC management implementation. Instead, it should make use of the
      persisted effective permissions for the dedicated set of principals
      that forms the subject of a given content session.

      TBD:

      • privileged access to the effective permission store (independent of
        the content session's permissions)
      • ability to read all required information from the target tree/property
        that is passed to the hasPermission/canRead call
      • efficient handling of pluggable restrictions
      • special handling for access control content and items residing inside
        the version store

        Issue Links

          1. TreeImpl#canRead: pass ImmutableTree to permission provider (Sub-task, Closed, Unassigned)
          2. Redefine PermissionProvider#canRead (Sub-task, Closed, Unassigned)
          3. Make workspace name available with the permission provider (Sub-task, Closed, Angela Schreiber)
          4. Review interaction between AccessControlManager and PermissionManager (Sub-task, Closed, Angela Schreiber)
          5. SecureNodeState#getChildNodeCount and #getPropertyCount: don't respect read permissions (Sub-task, Closed, Unassigned)
          6. Consider moving permission evaluation to the node state level (Sub-task, Closed, Unassigned)
          7. Authorization for the jcr version store (Sub-task, Closed, Angela Schreiber)
          8. PermissionValidator: Backwards compatible permission evaluation for moving/renaming nodes (Sub-task, Closed, Angela Schreiber)
          9. PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege (Sub-task, Closed, Angela Schreiber)
          10. Implement AC-Postprocessing in PermissionHook (Sub-task, Closed, Angela Schreiber)
          11. Calculate readstatus (Sub-task, Resolved, Angela Schreiber)
          12. PermissionValidator: add compatibility flag to ignore USER_MGT permission (Sub-task, Closed, Angela Schreiber)
          13. Accessibility of NodeTypes, Namespaces and Privileges (Sub-task, Closed, Angela Schreiber)
          14. PermissionValidator: proper check for jcr:uuid modifications. (Sub-task, Closed, Unassigned)
          15. Review remove permissions (Sub-task, Closed, Angela Schreiber)
          16. Performance measurement (Sub-task, Closed, Angela Schreiber)
          17. Faster anonymous read operations (Sub-task, Resolved, Unassigned)
          18. Revisit/Improve CompiledPermissionImpl.getTreePermission() (Sub-task, Closed, Unassigned)
          19. Implement global per principal permission entry cache (Sub-task, Closed, Tobias Bocanegra; 0%, Original Estimate - 24h, Remaining Estimate - 24h)
          20. Inconsistent entry filtering for ADD_NODE and REMOVE_NODE permission (Sub-task, Closed, Angela Schreiber)

            People

              angela Angela Schreiber
              angela Angela Schreiber
                Time Tracking

                  Estimated: 24h (Original Estimate)
                  Remaining: 24h (Remaining Estimate)
                  Logged: Not Specified (Time Spent)