You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2013/11/11 09:32:18 UTC
[jira] [Commented] (OAK-1163) Observation events should respect
permissions
[ https://issues.apache.org/jira/browse/OAK-1163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13818772#comment-13818772 ]
angela commented on OAK-1163:
-----------------------------
adjusting summary: as of oak there is a clear separation between access control management (-> ACL belongs there) and the permission evaluation. we should make sure we understand the difference when reporting issues in order to avoid confusions.
> Observation events should respect permissions
> ---------------------------------------------
>
> Key: OAK-1163
> URL: https://issues.apache.org/jira/browse/OAK-1163
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core, jcr, security
> Reporter: Alexander Klimetschek
>
> The JCR observation implementation in Oak does not evaluate ACLs yet, so any session currently sees all events. {{SecureValidator}} is the intended place to do the checks.
--
This message was sent by Atlassian JIRA
(v6.1#6144)