jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julian Sedding (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OAK-5947) Allowing non-admin user to set repository permissions fails
Date Mon, 20 Mar 2017 16:25:42 GMT

     [ https://issues.apache.org/jira/browse/OAK-5947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Julian Sedding updated OAK-5947:
--------------------------------
    Attachment:     (was: SetRepoPolicyTest.patch)

> Allowing non-admin user to set repository permissions fails
> -----------------------------------------------------------
>
>                 Key: OAK-5947
>                 URL: https://issues.apache.org/jira/browse/OAK-5947
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: jcr, security
>    Affects Versions: 1.6.1
>            Reporter: Julian Sedding
>         Attachments: SetRepoPolicyTest.patch
>
>
> Given a user principal {{testUser}} is granted {{jcr:readAccessControl}} and {{jcr:modifyAccessControl}}
on the repository ({{rep:repoPolicy}}), I would expect that this user can e.g. allow {{everyone}}
the {{jcr:namespaceManagement}} permission on the repository.
> Currently this fails with the following exception:
> {noformat}
> javax.jcr.AccessDeniedException
> 	at org.apache.jackrabbit.oak.util.NodeUtil.addChild(NodeUtil.java:113)
> 	at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl.setNodeBasedAcl(AccessControlManagerImpl.java:289)
> 	at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl.setPolicy(AccessControlManagerImpl.java:220)
> 	at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$8.performVoid(AccessControlManagerDelegator.java:132)
> 	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
> 	at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.setPolicy(AccessControlManagerDelegator.java:129)
> 	at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.setPolicy(JackrabbitAccessControlManagerDelegator.java:152)
> 	at org.apache.jackrabbit.oak.jcr.SetRepoPolicyPermissionsTest.setRepositoryPermissions(SetRepoPolicyPermissionsTest.java:82)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message