You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2015/05/30 07:47:17 UTC
[jira] [Created] (OAK-2933) AccessDenied when modifying transiently
moved item with too many ACEs
Tobias Bocanegra created OAK-2933:
-------------------------------------
Summary: AccessDenied when modifying transiently moved item with too many ACEs
Key: OAK-2933
URL: https://issues.apache.org/jira/browse/OAK-2933
Project: Jackrabbit Oak
Issue Type: Bug
Components: security
Affects Versions: 1.0.13
Reporter: Tobias Bocanegra
If at least the following preconditions are fulfilled, saving a moved item fails with access denied:
1. there are more PermissionEntries in the PermissionEntryCache than the configured EagerCacheSize
2. an node is moved to a location where the user has write access through a group membership
3. a property is added to the transiently moved item
For example:
1. set the *eagerCacheSize* to '0'
2. create new group *testgroup* and user *testuser*
3. make *testuser* member of *testgroup*
4. create nodes {{/testroot/a}} and {{/testroot/a/b}} and {{/testroot/a/c}}
5. allow *testgroup* {{rep:write}} on {{/testroot/a}}
6. as *testuser* create {{/testroot/a/b/item}} (to verify that the user has write access)
7. as *testuser* move {{/testroot/a/b/item}} to {{/testroot/a/c/item}}
8. {{save()}} -> works
9. as *testuser* move {{/testroot/a/c/item}} back to {{/testroot/a/b/item}} AND add new property to the transient {{/testroot/a/b/item}}
10. {{save()}} -> access denied
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)