You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by Andor Molnar <an...@apache.org> on 2021/04/28 14:08:51 UTC

setAcl() tree traversal ordering

Hi,

We’ve found an interesting issue with setAcl command in the client: currently it’s a depth-first pre-order traversal which sets ACL on the node first and then do getChildren() and traverse them.

It will fail when you set ACL to something which does not include you, e.g. you won’t be able to do getChildren() once you revoked access from the node. This could be resolved by changing the traversal to post-order.

On one hand this is a valid concern, on the other hand using superuser or skipACL is an easy workaround for this.

What do you think? Shall we change it?

Andor