[jira] [Commented] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

["Konrad Windszus (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405847#comment-17405847 ] 

Konrad Windszus commented on JCRVLT-522:
----------------------------------------

The handling for authorizables during import look weird to me:
- In case there doesn't exist yet an authorizable with the new ID, it will be created independent of filter rules (https://github.com/apache/jackrabbit-filevault/blob/61e920f55e487aa5dc045c66ce5b7b5e444784ca/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java#L725)
- In case there is already an authorizable node and the to be imported authorizable is outside the filter the existing authorizable won't be touched (https://github.com/apache/jackrabbit-filevault/blob/61e920f55e487aa5dc045c66ce5b7b5e444784ca/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java#L750)

[~tripod] Can you confirm this is desired behavior? Any need for doing adjustments here?

> Authorizable and authorization nodes applied even if filter rules exclude them
> ------------------------------------------------------------------------------
>
>                 Key: JCRVLT-522
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-522
>             Project: Jackrabbit FileVault
>          Issue Type: Improvement
>          Components: Packaging
>    Affects Versions: 3.4.10
>            Reporter: Konrad Windszus
>            Assignee: Konrad Windszus
>            Priority: Major
>             Fix For: 3.5.4
>
>
> Currently the filter rules are not evaluated prior to applying ACLs (in rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug. The same is true for authorizable nodes (compare with JCRVLT-71).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)