You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2009/11/05 22:57:32 UTC
[jira] Created: (JCR-2386) wrong eval order of access control
entries within a single node (node-based ac)
wrong eval order of access control entries within a single node (node-based ac)
-------------------------------------------------------------------------------
Key: JCR-2386
URL: https://issues.apache.org/jira/browse/JCR-2386
Project: Jackrabbit Content Repository
Issue Type: Bug
Components: jackrabbit-core
Reporter: angela
Assignee: angela
it seems to me that with the node-based access control the ac entries within a given node are currently collected in the wrong order.
if i remember correctly this worked before and i removed at some point (for reasons i don't recall exactly but have the vague idea that it
was related to the allow-only for groups).
anyway:
while playing around with the permission in our CRX recently i found, that the evaluation of the following setup didn't work as I would
have expected:
- user A is member of group B and C
- for both groups an ACE exists on a given node /a/b/c
- the acl looks like { deny for B, allow for C }
I would have expected that the allow for C would have reverted the previous deny for B since - in the GUI - I read the ace eval order from first entry to last entry... in the order I added them.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JCR-2386) wrong eval order of access control
entries within a single node (node-based ac)
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2386.
-------------------------
Resolution: Fixed
Fix Version/s: 2.0.0
> wrong eval order of access control entries within a single node (node-based ac)
> -------------------------------------------------------------------------------
>
> Key: JCR-2386
> URL: https://issues.apache.org/jira/browse/JCR-2386
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Reporter: angela
> Assignee: angela
> Fix For: 2.0.0
>
>
> it seems to me that with the node-based access control the ac entries within a given node are currently collected in the wrong order.
> if i remember correctly this worked before and i removed at some point (for reasons i don't recall exactly but have the vague idea that it
> was related to the allow-only for groups).
> anyway:
> while playing around with the permission in our CRX recently i found, that the evaluation of the following setup didn't work as I would
> have expected:
> - user A is member of group B and C
> - for both groups an ACE exists on a given node /a/b/c
> - the acl looks like { deny for B, allow for C }
> I would have expected that the allow for C would have reverted the previous deny for B since - in the GUI - I read the ace eval order from first entry to last entry... in the order I added them.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.