You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Jukka Zitting (JIRA)" <ji...@apache.org> on 2013/04/04 14:47:17 UTC

[jira] [Comment Edited] (OAK-709) Consider moving permission evaluation to the node state level

    [ https://issues.apache.org/jira/browse/OAK-709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13622105#comment-13622105 ] 

Jukka Zitting edited comment on OAK-709 at 4/4/13 12:46 PM:
------------------------------------------------------------

Final version of the NodeState.exists() patch (see also https://github.com/jukka/jackrabbit-oak/commit/f698f968eca44766f1f3d84426021b16e54f2e19). Now the -PintegrationTesting build passes except for some issue in oak-solr-embedded. I'll look into it.

bq. updated patch for the SecureNodeState

Nice! We're definitely making progress here.

Re: TODO on getChildNode(); the exists() patch adjusts the {{getChildNode()}} contract to never return null. Instead a missing (or read-protected) child node is represented by a "non-existent" {{NodeState}} instance whose {{exists()}} method returns {{false}}.

Here's what I write about this change in the NodeState javadocs:

{code}
 * <h2>Existence and iterability of node states</h2>
 * <p>
 * The {@link #getChildNode(String)} method is special in that it
 * <em>never</em> returns a {@code null} value, even if the named child
 * node does not exist. Instead a client should use the {@link #exists()}
 * method on the returned child state to check whether that node exists.
 * The purpose of this separation of concerns is to allow an implementation
 * to lazily load content only when it's actually read instead of just
 * traversed. It also simplifies client code by avoiding the need for many
 * {@code null} checks when traversing paths.
 * <p>
 * The <em>iterability</em> of a node is a related concept to the
 * above-mentioned existence. A node state is <em>iterable</em> if it
 * is included in the return values of the {@link #getChildNodeCount()},
 * {@link #getChildNodeNames()} and {@link #getChildNodeEntries()} methods.
 * An iterable node is guaranteed to exist, though not all existing nodes
 * are necessarily iterable.
 * <p>
 * Furthermore, a non-existing node is guaranteed to contain no properties
 * or iterable child nodes. It can, however contain non-iterable children.
 * Such scenarios are typically the result of access control restrictions.
{code}
                
      was (Author: jukkaz):
    Final version of the NodeState.exists() patch. Now the full -PintegrationTesting build passes.

bq. updated patch for the SecureNodeState

Nice! We're definitely making progress here.

Re: TODO on getChildNode(); the exists() patch adjusts the {{getChildNode()}} contract to never return null. Instead a missing (or read-protected) child node is represented by a "non-existent" {{NodeState}} instance whose {{exists()}} method returns {{false}}.

Here's what I write about this change in the NodeState javadocs:

{code}
 * <h2>Existence and iterability of node states</h2>
 * <p>
 * The {@link #getChildNode(String)} method is special in that it
 * <em>never</em> returns a {@code null} value, even if the named child
 * node does not exist. Instead a client should use the {@link #exists()}
 * method on the returned child state to check whether that node exists.
 * The purpose of this separation of concerns is to allow an implementation
 * to lazily load content only when it's actually read instead of just
 * traversed. It also simplifies client code by avoiding the need for many
 * {@code null} checks when traversing paths.
 * <p>
 * The <em>iterability</em> of a node is a related concept to the
 * above-mentioned existence. A node state is <em>iterable</em> if it
 * is included in the return values of the {@link #getChildNodeCount()},
 * {@link #getChildNodeNames()} and {@link #getChildNodeEntries()} methods.
 * An iterable node is guaranteed to exist, though not all existing nodes
 * are necessarily iterable.
 * <p>
 * Furthermore, a non-existing node is guaranteed to contain no properties
 * or iterable child nodes. It can, however contain non-iterable children.
 * Such scenarios are typically the result of access control restrictions.
{code}
                  
> Consider moving permission evaluation to the node state level
> -------------------------------------------------------------
>
>                 Key: OAK-709
>                 URL: https://issues.apache.org/jira/browse/OAK-709
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: core
>            Reporter: angela
>         Attachments: 0001-OAK-709-Consider-moving-permission-evaluation-to-the.patch, 0001-OAK-709-Consider-moving-permission-evaluation-to-the.patch, 0001-OAK-709-Consider-moving-permission-evaluation-to-the.patch, 0001-OAK-709-Consider-moving-permission-evaluation-to-the.patch, OAK-709.patch, SecureNodeState.java
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira