You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Kamil (JIRA)" <ji...@apache.org> on 2015/11/10 14:03:10 UTC
[jira] [Created] (JCR-3931) Denying access to child node results
hiding property in parent
Kamil created JCR-3931:
--------------------------
Summary: Denying access to child node results hiding property in parent
Key: JCR-3931
URL: https://issues.apache.org/jira/browse/JCR-3931
Project: Jackrabbit Content Repository
Issue Type: Bug
Affects Versions: 2.10.1
Reporter: Kamil
I create a node with a child:
{noformat}
/foo
/foo/child
{noformat}
foo node has a property "myProp", so:
{noformat}
Node node = session.getNode("/foo");
System.out.println(node.hasProperty("myProp"));
{noformat}
results in "true"
Then I create new user and give him read access to /foo folder and /foo/child folder:
{noformat}
UserManager userManager = ((JackrabbitSession)session).getUserManager();
Principal principal = userManager.createUser("test", "test").getPrincipal();
JackrabbitAccessControlList jacl = null;
JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager) session.getAccessControlManager();
JackrabbitAccessControlPolicy[] policies = acManager.getPolicies(principal);
if (policies.length == 0) {
// No policies yet. Create one from the applicablePolicies
policies = acManager.getApplicablePolicies(principal);
}
jacl = (JackrabbitAccessControlList) policies[0];
Privilege[] privileges = new Privilege[]{acManager.privilegeFromName(Privilege.JCR_READ)};
//foo
Map<String, Value> restrictions = new HashMap<String, Value>();
ValueFactory vf = session.getValueFactory();
restrictions.put("rep:nodePath", vf.createValue("/foo", PropertyType.PATH));
restrictions.put("rep:glob", vf.createValue(""));
jacl.addEntry(principal, privileges, true, restrictions);
//foo/child
restrictions = new HashMap<String, Value>();
restrictions.put("rep:nodePath", vf.createValue("/foo/child", PropertyType.PATH));
restrictions.put("rep:glob", vf.createValue(""));
jacl.addEntry(principal, privileges, true, restrictions);
acManager.setPolicy(jacl.getPath(), jacl);
session.save();
{noformat}
Now, if I log in as a test and read my property:
{noformat}
Session session = repository.login(new SimpleCredentials("test", "test".toCharArray()), workspace);
Node node = session.getNode("/foo");
System.out.println(node.hasProperty("myProp"));
{noformat}
this also results in true,
BUT - when I remove access control entry for /foo/child and add another using allow=false:
{noformat}
AccessControlEntry[] accessControlEntries = jacl.getAccessControlEntries();
AccessControlEntry result = null;
for (AccessControlEntry accessControlEntry : accessControlEntries) {
if(((JackrabbitAccessControlEntry)accessControlEntry).getRestriction("rep:nodePath").getString().equals("/foo/child")){
result = accessControlEntry;
}
}
jacl.removeAccessControlEntry(result);
Privilege[] privileges = new Privilege[]{acManager.privilegeFromName(Privilege.JCR_READ)};
Map<String, Value> restrictions = new HashMap<String, Value>();
ValueFactory vf = session.getValueFactory();
restrictions.put("rep:nodePath", vf.createValue("/foo/child", PropertyType.PATH));
jacl.addEntry(principal, privileges, false /*HERE*/, restrictions);
acManager.setPolicy(jacl.getPath(), jacl);
session.save();
{noformat}
then
{noformat}
Session session = repository.login(new SimpleCredentials("test", "test".toCharArray()), workspace);
Node node = session.getNode("/foo");
System.out.println(node.hasProperty("myProp"));
{noformat}
results in "false" which I consider as a bug
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)