[
https://issues.apache.org/jira/browse/OAK-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14317674#comment-14317674
]
Chetan Mehrotra commented on OAK-2490:
--------------------------------------
bq. It would be nice if we change the IndexPlan exposing this information to
the query engine. if possible we could instruct the query engine of not
re-perform the ACL checks as the provided set is already filtered.
So far the scope of this feature was to enable authorization check only for
SpellCheck/Suggestor/Faceted Search etc where the end result does not map to a
JCR Node. It was not intended to replace the current security check in
QueryEngine which is used for normal Node based results as that keeps the
security check at central level.
However given we have that support in Filter it might make sense to try it out
and see if provides any performance benefit. So would be good to track this in
a different issue
> Make it possible to use the PermissionProvider from within query indexes
> ------------------------------------------------------------------------
>
> Key: OAK-2490
> URL: https://issues.apache.org/jira/browse/OAK-2490
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core
> Reporter: Tommaso Teofili
> Assignee: Tommaso Teofili
> Fix For: 1.1.7
>
> Attachments: OAK-2490.0.patch, OAK-2490.1.patch, OAK-2490.2.patch
>
>
> As discussed on OAK-2423 and OAK-2473 it's useful to have a
> {{PermissionProvider}} down into {{QueryIndex}} implementations and/or
> {{SelectorImpl}}, depending on wether the ACL checks have to be done on an
> implementation base or generally.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
