-
Type: Improvement
-
Status: Resolved
-
Priority: Critical
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 6.0
-
Component/s: Core, Core VCS, Security / Rights
-
Epic Link:
-
Tags:
-
Impact type:API change
-
Upgrade notes:
-
Sprint:Sprint RepoTeam 5.9.5-1, Sprint RepoTeam 5.9.5-2
Implement an ACL model where a document's effective ACLs are only positive ACLs.
This is possible if the only possible blocking is everything.
This allows a number of low-level optimisations, and allows ACL checks to be just a set intersection. This also allows a model more compatible with cloud storage, where the access to a document is controlled by just a list of allowed identities.
- flag in Nuxeo to enable this mode
- checks that no blocking ACLs are set against the rules
- low-level optimizations in VCS