why do we index 'rep%3AGrantACE' ?

[Tobias Bocanegra <tr...@apache.org>]

Hi,

I played around with concurrent ACL updates with (Oak-Mongo) and I saw
commit errors like:

aused by: org.apache.jackrabbit.mk.api.MicroKernelException: The node
6:/oak:index/nodetype/:index/rep%3AGrantACE/test68fa4877/node75 was
already added in revision

which brings the question, why we index those node types in the first
place? I doubt that anyone will search for internal node types.
shouldn't we exclude all rep:* nodetypes?

regards, toby

Re: why do we index 'rep%3AGrantACE' ?

[Davide Giannella <gi...@gmail.com>]

On 05/03/2014 00:58, Jukka Zitting wrote:
> I remember myself searching at least for rep:AccessControllable on
> various occasions. It's a quick and easy way to locate ACLs within a
> repository.
I searched many times in CQ for the rep:ACL for packaging ACLs and
moving them from one environment to the other.

http://goo.gl/wZdWeL

Cheers
D.

Re: why do we index 'rep%3AGrantACE' ?

[Angela Schreiber <an...@adobe.com>]

hi

On 05/03/14 01:58, "Jukka Zitting" <ju...@gmail.com> wrote:

>Hi,
>
>On Tue, Mar 4, 2014 at 6:36 PM, Tobias Bocanegra <tr...@apache.org>
>wrote:
>> which brings the question, why we index those node types in the first
>> place? I doubt that anyone will search for internal node types.
>
>I remember myself searching at least for rep:AccessControllable on
>various occasions. It's a quick and easy way to locate ACLs within a
>repository.
>
>> shouldn't we exclude all rep:* nodetypes?
>
>I think the conflict you're seeing should rather be fixed in some other
>way.

+1

regards
angela

Re: why do we index 'rep%3AGrantACE' ?

[Tommaso Teofili <to...@gmail.com>]

ok, thanks Angela for the clarification :-)

Tommaso

2014-03-05 8:48 GMT+01:00 Angela Schreiber <an...@adobe.com>:

> hi tommaso
>
> but that's something completely different... the query you are referring
> to below looks for a user or group whose principalName matches everyone.
> no access control involved this time ;-)
>
> regards
> angela
>
> On 05/03/14 08:19, "Tommaso Teofili" <to...@gmail.com> wrote:
>
> >also as far as I could see just yesterday, rep:AccessControllable is
> >searched when logging in (I was logging into Felix WebConsole on a system
> >running Sling and Oak and the query was "SELECT * FROM [rep:Authorizable]
> >WHERE [rep:principalName] = $principalName, path=*,
> >property=[rep:principalName=everyone]"), I was kind of surprised but
> >that's
> >what I found out.
> >
> >Regards,
> >Tommaso
> >
> >
> >2014-03-05 1:58 GMT+01:00 Jukka Zitting <ju...@gmail.com>:
> >
> >> Hi,
> >>
> >> On Tue, Mar 4, 2014 at 6:36 PM, Tobias Bocanegra <tr...@apache.org>
> >> wrote:
> >> > which brings the question, why we index those node types in the first
> >> > place? I doubt that anyone will search for internal node types.
> >>
> >> I remember myself searching at least for rep:AccessControllable on
> >> various occasions. It's a quick and easy way to locate ACLs within a
> >> repository.
> >>
> >> > shouldn't we exclude all rep:* nodetypes?
> >>
> >> I think the conflict you're seeing should rather be fixed in some other
> >> way.
> >>
> >> BR,
> >>
> >> Jukka Zitting
> >>
>
>

Re: why do we index 'rep%3AGrantACE' ?

[Angela Schreiber <an...@adobe.com>]

hi tommaso

but that's something completely different... the query you are referring
to below looks for a user or group whose principalName matches everyone.
no access control involved this time ;-)

regards
angela

On 05/03/14 08:19, "Tommaso Teofili" <to...@gmail.com> wrote:

>also as far as I could see just yesterday, rep:AccessControllable is
>searched when logging in (I was logging into Felix WebConsole on a system
>running Sling and Oak and the query was "SELECT * FROM [rep:Authorizable]
>WHERE [rep:principalName] = $principalName, path=*,
>property=[rep:principalName=everyone]"), I was kind of surprised but
>that's
>what I found out.
>
>Regards,
>Tommaso
>
>
>2014-03-05 1:58 GMT+01:00 Jukka Zitting <ju...@gmail.com>:
>
>> Hi,
>>
>> On Tue, Mar 4, 2014 at 6:36 PM, Tobias Bocanegra <tr...@apache.org>
>> wrote:
>> > which brings the question, why we index those node types in the first
>> > place? I doubt that anyone will search for internal node types.
>>
>> I remember myself searching at least for rep:AccessControllable on
>> various occasions. It's a quick and easy way to locate ACLs within a
>> repository.
>>
>> > shouldn't we exclude all rep:* nodetypes?
>>
>> I think the conflict you're seeing should rather be fixed in some other
>> way.
>>
>> BR,
>>
>> Jukka Zitting
>>

Re: why do we index 'rep%3AGrantACE' ?

[Tommaso Teofili <to...@gmail.com>]

also as far as I could see just yesterday, rep:AccessControllable is
searched when logging in (I was logging into Felix WebConsole on a system
running Sling and Oak and the query was "SELECT * FROM [rep:Authorizable]
WHERE [rep:principalName] = $principalName, path=*,
property=[rep:principalName=everyone]"), I was kind of surprised but that's
what I found out.

Regards,
Tommaso


2014-03-05 1:58 GMT+01:00 Jukka Zitting <ju...@gmail.com>:

> Hi,
>
> On Tue, Mar 4, 2014 at 6:36 PM, Tobias Bocanegra <tr...@apache.org>
> wrote:
> > which brings the question, why we index those node types in the first
> > place? I doubt that anyone will search for internal node types.
>
> I remember myself searching at least for rep:AccessControllable on
> various occasions. It's a quick and easy way to locate ACLs within a
> repository.
>
> > shouldn't we exclude all rep:* nodetypes?
>
> I think the conflict you're seeing should rather be fixed in some other
> way.
>
> BR,
>
> Jukka Zitting
>

Re: why do we index 'rep%3AGrantACE' ?

[Jukka Zitting <ju...@gmail.com>]

Hi,

On Tue, Mar 4, 2014 at 6:36 PM, Tobias Bocanegra <tr...@apache.org> wrote:
> which brings the question, why we index those node types in the first
> place? I doubt that anyone will search for internal node types.

I remember myself searching at least for rep:AccessControllable on
various occasions. It's a quick and easy way to locate ACLs within a
repository.

> shouldn't we exclude all rep:* nodetypes?

I think the conflict you're seeing should rather be fixed in some other way.

BR,

Jukka Zitting