You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by Ian Boston <ia...@caret.cam.ac.uk> on 2010/05/13 14:19:38 UTC

UserAccessControlProvider, possible issue.

Hi,
JR core 2.0.0
In UserAccessControlProvider.compilePermissions(...), if no principal relating to a user node can be found, then a set or read only compiled permissions is provided. That set gives the session read only access to the entire security workspace regardless of path.

If the user node is found, then an instance of UserAccessControlProvider.CompilePermissions is used and in UserAccessControlProvider.CompilePermissions.buildResult(...) there is a check for no user node. If there is no user node, all permissions are denied regardless of path.

Although the first case will never happen for an installation of Jackrabbit where there are no custom PrincipalManagers, I suspect, based on the impl of UserAccessControlProvider.CompilePermissions.buildResult(...) was to deny all access to the security workspace where there was no corresponding user node in a set of principals.

Did I read the code right ?
Is this a bug in 2.0.0 ?
Has it already been fixed in a later release ?

Ian

Re: UserAccessControlProvider, possible issue.

Posted by Ian Boston <ie...@tfd.co.uk>.

On 14 May 2010, at 07:30, Angela Schreiber wrote:

> if this is the case then it is inconsistent and thus a bug.
> can you file an issue for that... preferably with a test
> illustrating the problem. thanks.

Done:
https://issues.apache.org/jira/browse/JCR-2630

Thanks
Ian

Re: UserAccessControlProvider, possible issue.

Posted by Angela Schreiber <an...@day.com>.

hi ian

> Hi,
> JR core 2.0.0
> In UserAccessControlProvider.compilePermissions(...), if no principal relating to a user node can be found, then a set or read only compiled permissions is provided. That set gives the session read only access to the entire security workspace regardless of path.
> 
> If the user node is found, then an instance of UserAccessControlProvider.CompilePermissions is used and in UserAccessControlProvider.CompilePermissions.buildResult(...) there is a check for no user node. If there is no user node, all permissions are denied regardless of path.
> 
> Although the first case will never happen for an installation of Jackrabbit where there are no custom PrincipalManagers, I suspect, based on the impl of UserAccessControlProvider.CompilePermissions.buildResult(...) was to deny all access to the security workspace where there was no corresponding user node in a set of principals.

if this is the case then it is inconsistent and thus a bug.
can you file an issue for that... preferably with a test
illustrating the problem. thanks.

> Has it already been fixed in a later release ?

not that i would know of.

regards
angela