You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Konrad Windszus (Jira)" <ji...@apache.org> on 2022/09/12 07:42:00 UTC

[jira] [Updated] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

     [ https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Konrad Windszus updated JCRVLT-522:
-----------------------------------
    Fix Version/s: 3.6.4
                       (was: 3.6.2)

> Authorizable and authorization nodes applied even if filter rules exclude them
> ------------------------------------------------------------------------------
>
>                 Key: JCRVLT-522
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-522
>             Project: Jackrabbit FileVault
>          Issue Type: Improvement
>          Components: Packaging
>    Affects Versions: 3.4.10
>            Reporter: Konrad Windszus
>            Assignee: Konrad Windszus
>            Priority: Major
>             Fix For: 3.6.4
>
>
> Currently the filter rules are not fully evaluated prior to applying ACLs (in rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug. The same is true for authorizable nodes (compare with JCRVLT-71).
> The exact install behaviour is as follows (given that the ACHandling is not IGNORE):
>  
> || ||ACL Path in Filter?||Effect||Example ACL Path(s)||Example Content Node Path(s)||
> ||1|Contained in filter|Installed|/testroot/node_a/rep:policy|/testroot/node_a||
> ||2|Not contained in filter, but ancestor is contained|Installed|/testroot/secured/rep:policy|testroot/secured||
> ||3|Neither path nor ancestor is contained in filter|Not Installed|/test2/rep:policy|/test2||
> ||4|Path is not contained in filter, ancestor is not contained either, but node affected by ACLs is contained|Not Installed|/testroot/rep:policy|/testroot||
> The example columns assume the following filter.xml
> {code}
> <workspaceFilter version="1.0">
>     <filter root="/testroot">
>        <include pattern="/testroot/secured"/>
>        <include pattern="/testroot/secured/jcr:content"/>
>        <include pattern="/testroot/node_a(/.*)?"/>
>     </filter>
> </workspaceFilter>
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)