You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Alex Parvulescu (JIRA)" <ji...@apache.org> on 2012/09/04 17:18:07 UTC
[jira] [Updated] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Parvulescu updated JCR-3412:
---------------------------------
Attachment: JCR-3412.patch
I'm having a bit of trouble building a proper test for this issue.
I see no way to remove read access to the folder that is the home of the acl config (what I'm assuming is refered to as "/home")
There are no ACLs on the node, all the tests I've seen in jr-core assume there is some kind of ACL list that can be tweaked.
Also, I find the fact that all the ACL config is created in the "security" workspace confusing, it took some time to figure that one out :)
I'm attaching what I have so far (patch against jackrabbit-core).
feedback is much appreciated.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira