Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-527

Implement Permission evaluation

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.18
    • core, jcr
    • None

    Description

      this subtasks goes along with OAK-526: for efficient permission
      evaluation the compiledpermission implementation should not attempt
      to collect the relevant ac-content such as looked at and written by
      the jcr ac-mgt implementation. instead it should make use of the
      persisted effective permission for the dedicated set of principals
      that forms the subject of a given contentsession.

      tbd:

      • privileged access to the effective permission store (independent of
        the content sessions permission)
      • ability to read all required information from the target tree/property
        that is passed to the hasPermission/canRead call.
      • efficient handling of pluggable restrictions
      • special handling for access control content an items residing inside
        the version store.

      Attachments

        Issue Links

        blocks

        Sub-task - The sub-task of the issue OAK-942 Permissions: Document changes wrt Jackrabbit

        • Major - Major loss of function.
        • Closed
        is blocked by

        Sub-task - The sub-task of the issue OAK-920 Proper permission handling upon Workspace#copy

        • Critical - Crashes, loss of data, severe memory leak.
        • Closed

        Bug - A problem which impairs or prevents the functions of the product. OAK-1115 Remove of Subtree after Move is not subjected to permission validation

        • Critical - Crashes, loss of data, severe memory leak.
        • Closed

        Bug - A problem which impairs or prevents the functions of the product. OAK-842 Incorrect interaction of orderable child nodes with permission evaluation

        • Major - Major loss of function.
        • Closed
        relates to

        Task - A task that needs to be done. OAK-753 TreeImpl exposes hidden child trees

        • Major - Major loss of function.
        • Closed
        1.
        		 TreeImpl#canRead: pass ImmutableTree to permission provider Sub-task Closed Unassigned   Actions
        2.
        		 Redefine PermissionProvider#canRead Sub-task Closed Unassigned   Actions
        3.
        		 Make workspace name available with the permission provider Sub-task Closed Angela Schreiber   Actions
        4.
        		 Review interaction between AccessControlManager and PermissionManager Sub-task Closed Angela Schreiber   Actions
        5.
        		 SecureNodeState#getChildNodeCount and #getPropertyCount: don't respect read permissions Sub-task Closed Unassigned   Actions
        6.
        		 Consider moving permission evaluation to the node state level Sub-task Closed Unassigned   Actions
        7.
        		 Authorization for the jcr version store Sub-task Closed Angela Schreiber   Actions
        8.
        		 PermissionValidator: Backwards compatible permission evaluation for moving/renaming nodes Sub-task Closed Angela Schreiber   Actions
        9.
        		 PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege Sub-task Closed Angela Schreiber   Actions
        10.
        		 Implement AC-Postprocessing in PermissionHook Sub-task Closed Angela Schreiber   Actions
        11.
        		 Calculate readstatus Sub-task Resolved Angela Schreiber   Actions
        12.
        		 PermissionValidator: add compatibility flag to ignore USER_MGT permission Sub-task Closed Angela Schreiber   Actions
        13.
        		 Accessibility of NodeTypes, Namespaces and Privileges Sub-task Closed Angela Schreiber   Actions
        14.
        		 PermissionValidator: proper check for jcr:uuid modifications. Sub-task Closed Unassigned   Actions
        15.
        		 Review remove permissions Sub-task Closed Angela Schreiber   Actions
        16.
        		 Performance measurement Sub-task Closed Angela Schreiber   Actions
        17.
        		 Faster anonymous read operations Sub-task Resolved Unassigned   Actions
        18.
        		 Revisit/Improve CompiledPermissionImpl.getTreePermission() Sub-task Closed Unassigned   Actions
        19.
        		 Implement global per principal permission entry cache Sub-task Closed Tobias Bocanegra

        0%
        Original Estimate - 24h
        Remaining Estimate - 24h
        		Actions
        20.
        		 Inconsistent entry filtering for ADD_NODE and REMOVE_NODE permission Sub-task Closed Angela Schreiber   Actions

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            angela Angela Schreiber
            angela Angela Schreiber
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified

                Slack

                  Issue deployment