Details

    • Type: Task Task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.18
    • Component/s: core, jcr
    • Labels:
      None

      Description

      this subtasks goes along with OAK-526: for efficient permission
      evaluation the compiledpermission implementation should not attempt
      to collect the relevant ac-content such as looked at and written by
      the jcr ac-mgt implementation. instead it should make use of the
      persisted effective permission for the dedicated set of principals
      that forms the subject of a given contentsession.

      tbd:

      • privileged access to the effective permission store (independent of
        the content sessions permission)
      • ability to read all required information from the target tree/property
        that is passed to the hasPermission/canRead call.
      • efficient handling of pluggable restrictions
      • special handling for access control content an items residing inside
        the version store.

        Issue Links

        1.
        TreeImpl#canRead: pass ImmutableTree to permission provider Sub-task Closed Unassigned  
         
        2.
        Redefine PermissionProvider#canRead Sub-task Closed Unassigned  
         
        3.
        Make workspace name available with the permission provider Sub-task Closed angela  
         
        4.
        Review interaction between AccessControlManager and PermissionManager Sub-task Closed angela  
         
        5.
        SecureNodeState#getChildNodeCount and #getPropertyCount: don't respect read permissions Sub-task Closed Unassigned  
         
        6.
        Consider moving permission evaluation to the node state level Sub-task Closed Unassigned  
         
        7.
        Authorization for the jcr version store Sub-task Closed angela  
         
        8.
        PermissionValidator: Backwards compatible permission evaluation for moving/renaming nodes Sub-task Closed angela  
         
        9.
        PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege Sub-task Closed angela  
         
        10.
        Implement AC-Postprocessing in PermissionHook Sub-task Closed angela  
         
        11.
        Calculate readstatus Sub-task Resolved angela  
         
        12.
        PermissionValidator: add compatibility flag to ignore USER_MGT permission Sub-task Closed angela  
         
        13.
        Accessibility of NodeTypes, Namespaces and Privileges Sub-task Closed angela  
         
        14.
        PermissionValidator: proper check for jcr:uuid modifications. Sub-task Closed Unassigned  
         
        15.
        Review remove permissions Sub-task Closed angela  
         
        16.
        Performance measurement Sub-task Closed angela  
         
        17.
        Faster anonymous read operations Sub-task Resolved Unassigned  
         
        18.
        Revisit/Improve CompiledPermissionImpl.getTreePermission() Sub-task Closed Unassigned  
         
        19.
        Implement global per principal permission entry cache Sub-task Closed Tobias Bocanegra

        0%

        Original Estimate - 24h
        Remaining Estimate - 24h
         
        20.
        Inconsistent entry filtering for ADD_NODE and REMOVE_NODE permission Sub-task Closed angela  
         

          Activity

          Hide
          angela added a comment -

          Revision: 1489515
          changed permission store to contain a hierarchical view of the entries for a single principal instead of
          keeping a flat, unstructured list. this allow to read permission entries lazily or partially depending on
          the number and structure of policy nodes and entries in the content.

          Show
          angela added a comment - Revision: 1489515 changed permission store to contain a hierarchical view of the entries for a single principal instead of keeping a flat, unstructured list. this allow to read permission entries lazily or partially depending on the number and structure of policy nodes and entries in the content.
          Hide
          angela added a comment -

          resolving for now. we may open individual new issues as we encounter bugs and room for improvement.

          Show
          angela added a comment - resolving for now. we may open individual new issues as we encounter bugs and room for improvement.
          Hide
          Alex Parvulescu added a comment -

          bulk close for the 0.18 release

          Show
          Alex Parvulescu added a comment - bulk close for the 0.18 release

            People

            • Assignee:
              angela
              Reporter:
              angela
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified

                  Development