jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Blackford (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
Date Tue, 14 Mar 2017 21:42:41 GMT
Tom Blackford created OAK-5931:
----------------------------------

             Summary:  Inconsistent behaviour when removing nodes with rep:policy subnodes
for users without modify ACL permissions
                 Key: OAK-5931
                 URL: https://issues.apache.org/jira/browse/OAK-5931
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: security
    Affects Versions: 1.6.1, 1.4.14
            Reporter: Tom Blackford


If a session (without rep:modifyAccessControl) removes a node with a rep:policy subnode and
then recreates it within the same save (without the rep:policy subnode) the commit diff will
mistake the action for the removal of the ACL, which this session is not authorised to do.

If the session is saved prior to recreating the node, both saves (after remove and after recreate)
will succeed.

>From discussion with angela:
{quote}
the diff mechanism used within Root.commit cannot distinguish between the removal of a policy
or the replace of the access controlled node with one that doesn't have the policy set. within
that diff it looks like the removal of the policy node
{quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message