You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/04/25 08:58:00 UTC
[jira] [Created] (OAK-8276)
OR-CompositeTreePermission.grantsPermission should loop over aggregates of
supported permissions
angela created OAK-8276:
---------------------------
Summary: OR-CompositeTreePermission.grantsPermission should loop over aggregates of supported permissions
Key: OAK-8276
URL: https://issues.apache.org/jira/browse/OAK-8276
Project: Jackrabbit Oak
Issue Type: Bug
Components: core, security
Reporter: angela
[~stillalex], issue as discussed in person: while working on OAK-8269 and the missing tests for the ORing {{CompositeTreePermission}} i noticed the following issue in {{grantsPermission}}: after obtaining the supported permissions the code loops over the individual permissions aggregated. but passes the original permission instead of the supported ones which potentially only include a subset.
the affected code inside the method looks as follows:
{code}
long supported = providers[i].supportedPermissions(tp, property, permissions);
if (doEvaluate(supported)) {
if (compositionType == AND) {
[...]
} else {
for (long p : Permissions.aggregates(permissions)) { // <==== issue line 221
[...]
}
}
}
{code}
IMO the code at line 221 should rather be as follows:
{code}
for (long p : Permissions.aggregates(supported)) {
{code}
i will go ahead fix it along with a test case that illustrates the issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)