Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-7937

Implement CugAccessControlManager.getEffectivePolicies(Set<Principal> principals)

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.20.0
    • Component/s: authorization-cug, security
    • Labels:
      None

      Description

      today CugAccessControlManager.getEffectivePolicies(Set<Principal> principals) returns an empty array and has a comment stating that this is not implemented.

      having thought this through again, i think there was some benefit in having the implementation. as long as the given set of principal does NOT include everyone the return value should just include the CUG-policies that explicitly list any of principals. IF everyone was part of the set, the return-value basically includes all CUG-policies, because every CUG will deny read-access for everyone except for the principals explicitly listed in the CUG-policy... if we do the latter as lazy as possible it might still be doable even in a scenario, when there are tons of CUG-policies specified.

      Alex Deparvu, wdyt? do you want to take care of this?

        Attachments

          Activity

            People

            • Assignee:
              angela Angela Schreiber
              Reporter:
              angela Angela Schreiber
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: