You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Eric Norman (JIRA)" <ji...@apache.org> on 2012/10/07 04:13:02 UTC
[jira] [Resolved] (SLING-2600) Effective ACL servlet returns
incorrect information
[ https://issues.apache.org/jira/browse/SLING-2600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman resolved SLING-2600.
--------------------------------
Resolution: Fixed
Fix Version/s: JCR Jackrabbit Access Manager 2.1.2
fixed in revision 1395204
> Effective ACL servlet returns incorrect information
> ---------------------------------------------------
>
> Key: SLING-2600
> URL: https://issues.apache.org/jira/browse/SLING-2600
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Affects Versions: JCR Jackrabbit Access Manager 2.1.0
> Reporter: Dan Freeman
> Assignee: Eric Norman
> Fix For: JCR Jackrabbit Access Manager 2.1.2
>
>
> The GetEffectiveAclServlet only appears to reflect the permissions on lowest node in the requested hierarchy that has an ACL, rather than aggregating all entries.
> Given, e.g., a node structure with the following privileges:
> /base
> principalA - jcr:write=granted
> principalB - jcr:write=granted
> /base/child
> principalB - jcr:lockManagement=granted
> When requesting /base/child.eacl.json, the expected result would be that the privileges granted to both principals on /base would be reflected, in addition to those declared directly on /base/child.
> Instead, requests for /base/child.eacl.json and /base/child.acl.json both return:
> {
> "principalB": {
> "granted": [
> "jcr:lockManagement"
> ],
> "order": 0,
> "principal": "principalB"
> }
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira