Details

    • Type: Task Task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.18
    • Component/s: core, jcr
    • Labels:
      None

      Description

      this subtasks goes along with OAK-526: for efficient permission
      evaluation the compiledpermission implementation should not attempt
      to collect the relevant ac-content such as looked at and written by
      the jcr ac-mgt implementation. instead it should make use of the
      persisted effective permission for the dedicated set of principals
      that forms the subject of a given contentsession.

      tbd:

      • privileged access to the effective permission store (independent of
        the content sessions permission)
      • ability to read all required information from the target tree/property
        that is passed to the hasPermission/canRead call.
      • efficient handling of pluggable restrictions
      • special handling for access control content an items residing inside
        the version store.

        Issue Links

        1.
        TreeImpl#canRead: pass ImmutableTree to permission provider Sub-task Closed Unassigned  
         
        2.
        Redefine PermissionProvider#canRead Sub-task Closed Unassigned  
         
        3.
        Make workspace name available with the permission provider Sub-task Closed angela  
         
        4.
        Review interaction between AccessControlManager and PermissionManager Sub-task Closed angela  
         
        5.
        SecureNodeState#getChildNodeCount and #getPropertyCount: don't respect read permissions Sub-task Closed Unassigned  
         
        6.
        Consider moving permission evaluation to the node state level Sub-task Closed Unassigned  
         
        7.
        Authorization for the jcr version store Sub-task Closed angela  
         
        8.
        PermissionValidator: Backwards compatible permission evaluation for moving/renaming nodes Sub-task Closed angela  
         
        9.
        PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege Sub-task Closed angela  
         
        10.
        Implement AC-Postprocessing in PermissionHook Sub-task Closed angela  
         
        11.
        Calculate readstatus Sub-task Resolved angela  
         
        12.
        PermissionValidator: add compatibility flag to ignore USER_MGT permission Sub-task Closed angela  
         
        13.
        Accessibility of NodeTypes, Namespaces and Privileges Sub-task Closed angela  
         
        14.
        PermissionValidator: proper check for jcr:uuid modifications. Sub-task Closed Unassigned  
         
        15.
        Review remove permissions Sub-task Closed angela  
         
        16.
        Performance measurement Sub-task Closed angela  
         
        17.
        Faster anonymous read operations Sub-task Resolved Unassigned  
         
        18.
        Revisit/Improve CompiledPermissionImpl.getTreePermission() Sub-task Closed Unassigned  
         
        19.
        Implement global per principal permission entry cache Sub-task Closed Tobias Bocanegra

        0%

        Original Estimate - 24h
        Remaining Estimate - 24h
         
        20.
        Inconsistent entry filtering for ADD_NODE and REMOVE_NODE permission Sub-task Closed angela  
         

          Activity

          angela created issue -
          angela made changes -
          Field Original Value New Value
          Component/s core [ 12317803 ]
          Component/s jcr [ 12317804 ]
          angela made changes -
          Parent OAK-51 [ 12549674 ]
          Issue Type Sub-task [ 7 ] Task [ 3 ]
          angela made changes -
          Link This issue blocks OAK-51 [ OAK-51 ]
          angela made changes -
          Link This issue relates to OAK-753 [ OAK-753 ]
          angela made changes -
          Link This issue is blocked by OAK-920 [ OAK-920 ]
          angela made changes -
          Link This issue is blocked by OAK-1115 [ OAK-1115 ]
          Michael Marth made changes -
          Fix Version/s 0.12 [ 12325547 ]
          angela made changes -
          Link This issue blocks OAK-51 [ OAK-51 ]
          angela made changes -
          Link This issue blocks OAK-942 [ OAK-942 ]
          angela made changes -
          Link This issue is blocked by OAK-842 [ OAK-842 ]
          Michael Marth made changes -
          Fix Version/s 1.0 [ 12325581 ]
          Fix Version/s 0.12 [ 12325547 ]
          angela made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Fix Version/s 0.18 [ 12325960 ]
          Fix Version/s 1.0 [ 12325581 ]
          Resolution Fixed [ 1 ]
          Alex Parvulescu made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              angela
              Reporter:
              angela
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified

                  Development