  1. Jackrabbit Oak
  2. OAK-9763

Allow for restrictions evaluation against set of effective principal


Details

    Description

      Today it is not possible to plug in a custom RestrictionProvider with restrictions (or restriction-patterns for that matter) that would allow evaluating against the effective set of principals for which permission evaluation is executed.

      Reason: In contrast to AuthorizationConfiguration.getPermissionProvider(), AuthorizationConfiguration.getRestrictionProvider() does not get the set of effective principals passed.

      What is possible today is something like e.g.

      allow everyone jcr:read on /content with restriction jcr:title = "abc"
      

      What is not feasible today is something like

      allow everyone jcr:read on /content with restriction ownerProperty = currentPrincipal()
      

      as the restriction evaluation today is agnostic of the principals for which the restrictions are being evaluated.

      This improvement aims at investigating what it would take to make the set of principals available with the PermissionProvider available to the RestrictionProvider during evaluation.

      cc: Tom Blackford
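
The gap described in this issue, as an added example that is not part of the original report and not Oak code: `Pattern`, `PatternFactory`, `SimplePrincipal` and the `owner` property are hypothetical, simplified stand-ins, with a node modelled as a plain property map. Skipping group principals when matching the owner is a design choice of this sketch.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;

public class PrincipalAwareRestrictionDemo {

    // Simplified stand-in for a restriction pattern: it sees only the node.
    interface Pattern { boolean matches(Map<String, String> nodeProps); }

    // Hypothetical extension point: the pattern is built with the effective
    // principal set that the permission evaluation already has.
    interface PatternFactory { Pattern create(Set<Principal> effectivePrincipals); }

    record SimplePrincipal(String name, boolean group) implements Principal {
        @Override public String getName() { return name; }
    }

    // Possible today: compare a property with a constant value.
    static Pattern titleEquals(String value) {
        return props -> value.equals(props.get("jcr:title"));
    }

    // Not feasible today: compare a property with the evaluating principals.
    // Group principals such as "everyone" are skipped, so an owner value of
    // "everyone" cannot turn the restriction into a match for every session.
    static PatternFactory ownerIsCurrentPrincipal(String ownerProperty) {
        return principals -> props -> {
            String owner = props.get(ownerProperty);
            return owner != null && principals.stream().anyMatch(p ->
                    p instanceof SimplePrincipal sp && !sp.group()
                            && sp.getName().equals(owner));
        };
    }

    public static void main(String[] args) {
        Principal everyone = new SimplePrincipal("everyone", true);
        Set<Principal> alice = Set.of(new SimplePrincipal("alice", false), everyone);
        Set<Principal> bob = Set.of(new SimplePrincipal("bob", false), everyone);
        // Constructed sample node below /content.
        Map<String, String> node = Map.of("jcr:title", "abc", "owner", "alice");

        // The constant-value restriction gives the same answer for every principal set.
        System.out.println("title=abc:    " + titleEquals("abc").matches(node));
        // The principal-aware restriction depends on who is being evaluated.
        PatternFactory ownerOnly = ownerIsCurrentPrincipal("owner");
        System.out.println("owner, alice: " + ownerOnly.create(alice).matches(node));
        System.out.println("owner, bob:   " + ownerOnly.create(bob).matches(node));
    }
}
```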


          People

            angela Angela Schreiber
