You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Eric Norman (JIRA)" <ji...@apache.org> on 2010/03/25 19:40:27 UTC

[jira] Resolved: (SLING-1457) AccessControlUtil.replaceAccessControlEntry(..) must preserve the order of the ACEs in the AccessControlList when merging changes into an existing ACE

     [ https://issues.apache.org/jira/browse/SLING-1457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Norman resolved SLING-1457.
--------------------------------

       Resolution: Fixed
    Fix Version/s: JCR Base 2.1.0
                   JCR ContentLoader 2.0.8
                   Launchpad Testing 6

fix committed in r927532

> AccessControlUtil.replaceAccessControlEntry(..) must preserve the order of the ACEs in the AccessControlList when merging changes into an existing ACE
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-1457
>                 URL: https://issues.apache.org/jira/browse/SLING-1457
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>    Affects Versions: JCR Jackrabbit Access Manager 2.0.6
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>             Fix For: Launchpad Testing 6, JCR ContentLoader 2.0.8, JCR Jackrabbit Access Manager 2.0.6, JCR Base 2.1.0
>
>
> As described by Ray Davis on the jackrabbit-users mailing list (see http://www.mail-archive.com/users@jackrabbit.apache.org/msg14734.html ), the order of the ACEs in the AccessControlList is important for resolving conflicting group permissions.  When resolving the permissions, if the current user is the member of multiple groups that have permissions specified, then the last group in the ACL wins if there are any conflicts.
> The problem is that whenever the sling AccessControlUtil.replaceAccessControlEntry(..) api is invoked to merge changes to an ACE, the old ACE is removed from the ACL and re-added at the end of list of ACEs.    Instead, the merge logic should ensure that the updated ACE is in the same position as the ACE that is being updated.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.