You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2013/07/26 09:25:48 UTC

[jira] [Comment Edited] (OAK-929) Permission changes not visible on root after refresh

    [ https://issues.apache.org/jira/browse/OAK-929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13720490#comment-13720490 ] 

angela edited comment on OAK-929 at 7/26/13 7:24 AM:
-----------------------------------------------------

it will remove the deny entry and add a new allow entry but doesn't restore the original state of the root node.
so, the finally clause should rather remove the ACE created before.

therefore i would suggest to do something like

- collect ACEs present on the root before
- add the deny entry for the test
- finally obtain the ACL for the root path and remove all entries that have not been present before

{code}
Set<AccessControlEntry> acesBefore = ....
try {
   // do the test
} finally {
   AccessControlList acl = o.a.j.commons.j.authorization.AccessControlUtils.getAccessControlList(superuser, rootPath);
   if (acl != null) {
      for (AccessControlEntry ace : acl.getAccessControlEntries()) {
          if (!acesBefore.contains(ace) {
              acl.removeAccessControlEntry(ace);
          }
      }
      acManager.setPolicy(rootPath, acl);
      superuser.save();
   }
}
{code}

alternatively, we can move the test to a separate test class that creates it's private content repository.
but that would most probably more effort to do.

                
      was (Author: anchela):
    it will remove the deny entry and add a new allow entry but doesn't restore the original state of the root node.
so, the finally clause should rather remove the ACE created before.

therefore i would suggest to do something like

- collect ACEs present on the root before
- add the deny entry for the test
- finally obtain the ACL for the root path and remove all entries that have not been present before

{code}
Set<AccessControlEntry> acesBefore = ....
try {
   // do the test
} finally {
   AccessControlList acl = o.a.j.commons.j.authorization.AccessControlUtils.getAccessControlList(superuser, rootPath);
   if (acl != null) {
      for (AccessControlEntry ace : acl.getAccessControlEntries()) {
          if (!acesBefore.contains(ace) {
              acl.removeAccessControlEntry(ace);
          }
      }
      acManager.setPolicy(rootPath, acl);
      superuser.save();
   }
}
{code}

                  
> Permission changes not visible on root after refresh
> ----------------------------------------------------
>
>                 Key: OAK-929
>                 URL: https://issues.apache.org/jira/browse/OAK-929
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>            Reporter: Antonio Sanso
>            Assignee: Michael Dürig
>             Fix For: 0.9
>
>         Attachments: OAK-929-patch.txt
>
>
> it looks like there is an issue on updating permission for the root node.
> If the permission for the root are changed those are not "refreshed".
> Any other nodes different than root seems to work though

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira