[ https://issues.apache.org/jira/browse/OAK-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Angela Schreiber resolved OAK-10130. ------------------------------------ Fix Version/s: 1.52.0 Resolution: Fixed > Add API to retrieve effective policies for a set of principals for a given > path > ------------------------------------------------------------------------------- > > Key: OAK-10130 > URL: https://issues.apache.org/jira/browse/OAK-10130 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: authorization-cug, authorization-principalbased, core, > jackrabbit-api, security > Reporter: Angela Schreiber > Assignee: Angela Schreiber > Priority: Major > Fix For: 1.52.0 > > > JCR and Jackrabbit API currently provide the following methods to retrieve > effective policies: > h4. javax.jcr.security.AccessControlManager > {code} > AccessControlPolicy[] getEffectivePolicies(String absPath) > throws PathNotFoundException, AccessDeniedException, > RepositoryException; > {code} > h4. org.apache.jackrabbit.api.security.JackrabbitAccessControlManager > {code} > AccessControlPolicy[] getEffectivePolicies(@NotNull Set<Principal> > principals) throws AccessDeniedException, AccessControlException, > UnsupportedRepositoryOperationException, RepositoryException; > {code} > h4. The missing piece > What is not possible today however is retrieving the effective policies for a > given set of principals that take effect on a particular path. While > consumers of the method provided {{JackrabbitAccessControlManager}} might be > able to guess where the policies take effect and thus filter the accordingly, > this should not be taken for granted and it would be better if there was an > API to retrieve the filtered set as the implementations of > {{JackrabbitAccessControlManager}} are able to determine the effect (instead > of guessing).... in particular when restrictions are present. > I would there suggest to introduce in {{JackrabbitAccessControlManager}} > something like > {code} > Iterator<AccessControlPolicy> getEffectivePolicies(@NotNull > Set<Principal> principals, @Nullable String absPath) throws > AccessDeniedException, AccessControlException, > UnsupportedRepositoryOperationException, RepositoryException; > {code} > cc: [~cschneider] who highlighted the issue to me while investigating an > issue with Sling Content Distribution. -- This message was sent by Atlassian Jira (v8.20.10#820010)