You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Thomas Mueller (JIRA)" <ji...@apache.org> on 2014/08/04 12:29:12 UTC
[jira] [Closed] (OAK-1998) Accessible tree below a non-accessible
parent are HiddenTree
[ https://issues.apache.org/jira/browse/OAK-1998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Mueller closed OAK-1998.
-------------------------------
> Accessible tree below a non-accessible parent are HiddenTree
> ------------------------------------------------------------
>
> Key: OAK-1998
> URL: https://issues.apache.org/jira/browse/OAK-1998
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0, 1.0.1, 1.0.2, 1.0.3
> Reporter: angela
> Assignee: Michael Dürig
> Priority: Critical
> Fix For: 1.1, 1.0.4
>
> Attachments: OAK-1998_(tests).patch
>
>
> fixing OAK-1441 introduced a regression with respect to trees that are accessible though one of their parent nodes isn't. The problem is that the fix for OAK-1441 doesn't distinguish between 'hidden' trees and trees that are not accessible.
> - Hidden Trees: the complete subtree defined by the tree starting with ":" must be hidden irrespective of the access control setup. example: Index.
> - Non-Accessible Tree: This is a matter of access control setup and it might be that a child node is readable again. Example: the version store is not accessible by default but the individual version histories (and versions) are accessible if the corresponding versionable node is.
> The second use case is broken due to the missing distinction and the fact the a HiddenTree always makes a child node hidden.
> Proposed solution: I think we have to make a clear separation between hidden trees and trees that are not accessible and which are not hidden.
> the former defines a complete tree that is hidden (current approach is correct) but for the latter we need proper permission evaluation upon access... these nodes must not be "HiddenTree"s.
--
This message was sent by Atlassian JIRA
(v6.2#6252)