You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Pierre Tager (JIRA)" <ji...@apache.org> on 2017/03/15 00:00:44 UTC
[jira] [Commented] (OAK-5931) Inconsistent behaviour when removing
nodes with rep:policy subnodes for users without modify ACL permissions
[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15925293#comment-15925293 ]
Pierre Tager commented on OAK-5931:
-----------------------------------
[~alexxx] [~dhasler] making sure this is on your radar.
> Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
> -------------------------------------------------------------------------------------------------------------
>
> Key: OAK-5931
> URL: https://issues.apache.org/jira/browse/OAK-5931
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
> Affects Versions: 1.4.14, 1.6.1
> Reporter: Tom Blackford
> Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a rep:policy subnode and then recreates it within the same save (without the rep:policy subnode) the commit diff will mistake the action for the removal of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the removal of a policy or the replace of the access controlled node with one that doesn't have the policy set. within that diff it looks like the removal of the policy node
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)