angela created OAK-7937:
---------------------------
Summary: Implement
CugAccessControlManager.getEffectivePolicies(Set<Principal> principals)
Key: OAK-7937
URL: https://issues.apache.org/jira/browse/OAK-7937
Project: Jackrabbit Oak
Issue Type: Improvement
Reporter: angela
Fix For: 1.10
today CugAccessControlManager.getEffectivePolicies(Set<Principal> principals)
returns an empty array and has a comment stating that this is not implemented.
having thought this through again, i think there was some benefit in having the
implementation. as long as the given set of principal does NOT include everyone
the return value should just include the CUG-policies that explicitly list any
of principals. IF _everyone_ was part of the set, the return-value basically
includes _all_ CUG-policies, because every CUG will deny read-access for
everyone except for the principals explicitly listed in the CUG-policy... if we
do the latter as lazy as possible it might still be doable even in a scenario,
when there are tons of CUG-policies specified.
[~stillalex], wdyt? do you want to take care of this?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
