You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by GitBox <gi...@apache.org> on 2022/06/11 18:23:05 UTC
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] enapps-enorman opened a new pull request, #15: SLING-11243 handle conflict between aggregate and leaf
enapps-enorman opened a new pull request, #15:
URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/15
Modifying an ACE should not include a allow/deny aggregate privilege when there is a deny/allow child privilege with the same restrictions as the parent
For example, consider this use case with a modifyAce request with fields like this on a parent node:
```
//allow the child privileges with varying restrictions
privilege@rep:readNodes=allow
privilege@rep:readProperties=allow
restriction@rep:readProperties@rep:itemNames@Allow=jcr:created
//and deny a child privilege with the same restrictions as the aggregate would get
privilege@rep:readProperties=deny
```
The expected ace of the child node should not have the jcr:read privilege set as allowed:
```
{
"principal":"testuser1",
"privileges":{
"rep:readProperties":{
"allow":{
"rep:itemNames":[
"jcr:created"
]
},
"deny":true
},
"rep:readNodes":{
"allow":true
}
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@sling.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] sonarcloud[bot] commented on pull request #15: SLING-11243 handle conflict between aggregate and leaf
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #15:
URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/15#issuecomment-1152979479
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15)
[](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&metric=new_coverage&view=list) [98.4% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&metric=new_coverage&view=list)
[](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager&pullRequest=15&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@sling.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] enapps-enorman merged pull request #15: SLING-11243 handle conflict between aggregate and leaf
Posted by GitBox <gi...@apache.org>.
enapps-enorman merged PR #15:
URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/15
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@sling.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org