You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Thomas Mueller (JIRA)" <ji...@apache.org> on 2015/01/26 10:42:35 UTC

[jira] [Comment Edited] (OAK-2423) Add PermissionProvider.canRead

    [ https://issues.apache.org/jira/browse/OAK-2423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287274#comment-14287274 ] 

Thomas Mueller edited comment on OAK-2423 at 1/26/15 9:42 AM:
--------------------------------------------------------------

The {{PermissionProvider}} can be obtained from the {{AuthorizationConfiguration}} which in turn can be accessed from the {{SecurityProvider}}. something like:

{{getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getPermissionProvider(...)}}

the call requires a {{Root}}, the workspace name and the set of {{Principal}}s associated with the reading content session. for the query use-case i would however try to pass the permission or security provider into the {{QueryEngine}} by extending the {{ExecutionContext}} as the {{Root}} interface doesn't allow to access the associated security related configurations/providers.


was (Author: anchela):
The {{PermissionProvider}} can be obtained from the {{AuthorizationConfiguration}} which in turn can be accessed from the {{SecurityProvider}}. something like:

{{getSecurityProvider().getConfiguration(AuthorizationConfiguration.class)}.getPermissionProvider(...)}

the call requires a {{Root}}, the workspace name and the set of {{Principal}}s associated with the reading content session. for the query use-case i would however try to pass the permission or security provider into the {{QueryEngine}} by extending the {{ExecutionContext}} as the {{Root}} interface doesn't allow to access the associated security related configurations/providers.

> Add PermissionProvider.canRead
> ------------------------------
>
>                 Key: OAK-2423
>                 URL: https://issues.apache.org/jira/browse/OAK-2423
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: core
>            Reporter: angela
>            Assignee: angela
>            Priority: Minor
>         Attachments: OAK-2423.patch
>
>
> As discussed with [~tmueller] and [~teofili], it might be beneficial for query performance if it was possible to determine read-access without having to create the {{Tree}} (and thus the hierarchy). The latter (as present with {{TreePermission.canRead}}) is suited for regular repository read operations where the tree hierarchy is built anyway.
> since {{PermissionProvider.isGranted(String oakPath, String jcrActions)}} requires to resolve the path to properly deal with write operations, i would suggest to evaluate if adding {{PermissionProvider.canRead(@Nonnull String treePath, @Nullable String propertyName}} would give us some performance gain in the query case.
> initial (untested) draft attached for basic evaluation. proper unit and benchmark testing are required.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)