Posted to dev@sling.apache.org by "Robert Munteanu (JIRA)" <ji...@apache.org> on 2017/08/24 13:46:00 UTC
[jira] [Comment Edited] (SLING-3224) GetAclTest integration test
fails due to incorrect privilege expansion in AbstractGetAclServlet
[ https://issues.apache.org/jira/browse/SLING-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139887#comment-16139887 ]
Robert Munteanu edited comment on SLING-3224 at 8/24/17 1:45 PM:
-----------------------------------------------------------------
Stepping through the code I can see that Oak returns the privileges correctly. However, in {{AbstractGetAclServlet.internalGetAcl}}, the {{mergePrivilegeSets}} invocation does not work properly. The call that fails is at line 181:
{code:java}
mergePrivilegeSets(privilege,
        privilegeToAncestorMap,
        deniedSet, grantedSet);
{code}
where privilege is {{jcr:write}}, deniedSet is empty and grantedSet is {{jcr:all}}.
The logic is quite involved but I guess expansion of aggregate privileges is broken here.
_Edit_: typo
was (Author: rombert):
Stepping through the code I can see that Oak returns the privileges correctly. However, in {{AbstractGetAclServlet.internalGetAcl}} , the {{mergePrivilegeSet}} invocation does not work properly. The call that fails is at line 181:
{code:java}
mergePrivilegeSets(privilege,
privilegeToAncestorMap,
deniedSet, grantedSet);
{code}
where privilege is {{jcr:write}, deniedSet is empty and grantedSet is {{jcr:all}}.
The logic is quite involved but I guess expansion of aggregate privileges is broken here.
> GetAclTest integration test fails due to incorrect privilege expansion in AbstractGetAclServlet
> -----------------------------------------------------------------------------------------------
>
> Key: SLING-3224
> URL: https://issues.apache.org/jira/browse/SLING-3224
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Reporter: Bertrand Delacretaz
> Assignee: Robert Munteanu
> Labels: sling-IT
> Fix For: JCR Jackrabbit Access Manager 3.0.2
>
>
> Failed tests: testEffectiveAclMergeForUser_SubsetOfPrivilegesDeniedOnChild:
> Expected privilege jcr:modifyProperties to be NOT INCLUDED in supplied list:
> [rep:userManagement, jcr:nodeTypeManagement, jcr:modifyProperties, jcr:namespaceManagement, rep:privilegeManagement, jcr:workspaceManagement, rep:readProperties, rep:alterProperties, jcr:nodeTypeDefinitionManagement, jcr:lockManagement, jcr:read, jcr:lifecycleManagement, jcr:removeNode, jcr:modifyAccessControl, jcr:removeChildNodes, jcr:versionManagement, rep:addProperties, rep:removeProperties, rep:readNodes, jcr:readAccessControl, jcr:addChildNodes, jcr:retentionManagement])
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
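
The aggregate-expansion problem suspected in the comment above, as an added example that is not Sling's code or its fix: a merge that compares privilege names cannot take jcr:write out of a granted jcr:all, while a merge on expanded leaf privileges can. Privileges are modelled as plain strings, jcr:all is cut down to three members, and the grant and deny inputs are constructed.

```java
import java.util.*;

// Added illustration, not Sling code: privilege names are modelled as strings.
public class AggregateMergeDemo {
    // Aggregate -> direct members, following the JCR 2.0 / Oak built-in definitions
    // (jcr:all is trimmed to three members to keep the example short).
    static final Map<String, List<String>> AGGREGATES = Map.of(
        "jcr:all", List.of("jcr:read", "jcr:write", "jcr:readAccessControl"),
        "jcr:write", List.of("jcr:modifyProperties", "jcr:addChildNodes",
                             "jcr:removeNode", "jcr:removeChildNodes"),
        "jcr:modifyProperties", List.of("rep:addProperties", "rep:alterProperties",
                                        "rep:removeProperties"),
        "jcr:read", List.of("rep:readNodes", "rep:readProperties"));

    // Recursively expand a privilege into the non-aggregate privileges it contains.
    static Set<String> leaves(String privilege) {
        Set<String> out = new TreeSet<>();
        List<String> members = AGGREGATES.get(privilege);
        if (members == null) {
            out.add(privilege);               // not an aggregate: already a leaf
        } else {
            for (String m : members) out.addAll(leaves(m));
        }
        return out;
    }

    // Name-only merge: denying jcr:write leaves a granted jcr:all untouched.
    static Set<String> naiveEffective(Set<String> granted, Set<String> denied) {
        Set<String> result = new TreeSet<>(granted);
        result.removeAll(denied);
        return result;
    }

    // Expanding merge: grants and denials are both reduced to leaves before subtracting.
    static Set<String> expandedEffective(Set<String> granted, Set<String> denied) {
        Set<String> result = new TreeSet<>();
        for (String g : granted) result.addAll(leaves(g));
        for (String d : denied) result.removeAll(leaves(d));
        return result;
    }

    public static void main(String[] args) {
        Set<String> granted = Set.of("jcr:all");   // constructed: granted on the parent
        Set<String> denied = Set.of("jcr:write");  // constructed: denied on the child
        System.out.println("naive:    " + naiveEffective(granted, denied));
        System.out.println("expanded: " + expandedEffective(granted, denied));
        // No member of the denied aggregate may survive in the effective set.
        if (expandedEffective(granted, denied).contains("rep:alterProperties"))
            throw new AssertionError("denied leaf still granted");
    }
}
```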