You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2011/04/14 09:45:05 UTC
[jira] [Issue Comment Edited] (JCR-2937) ACL with glob restrictions
does not work on '/'
[ https://issues.apache.org/jira/browse/JCR-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019714#comment-13019714 ]
Tobias Bocanegra edited comment on JCR-2937 at 4/14/11 7:43 AM:
----------------------------------------------------------------
from JCR-2700:
> an empty string restriction forces the ACE to take effect on the node it has been applied.
which means in this case, effect on '/'. but if i want to restrict the subnodes of '/' i can't express this. but i can for all other nodes than '/'.
eg: using '/*' works but not on '/' which is not intuitive.
was (Author: tripod):
from JCR-2700:
> an empty string restriction forces the ACE to take effect on the node it has been applied.
which means in this case, effect on '/'. but if i want to restrict the subnodes of '/' i can't express this. but i can for all other nodes than '/'.
eg: using '/*' works but on '/' which is not intuitive.
> ACL with glob restrictions does not work on '/'
> -----------------------------------------------
>
> Key: JCR-2937
> URL: https://issues.apache.org/jira/browse/JCR-2937
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: security
> Affects Versions: 2.3.0
> Reporter: Tobias Bocanegra
>
> i tried to define a ACL on '/' that would allow 'read' on '/' itself, but not for the nodes underneath. i tried "*", "/*", "./*" but none of them seem to do the desired effect.
> eg:
> everyone,allow,jcr:read, '/'
> everyone,deny,jcr:read, '/', glob="/*"
> the same works for a non-root node.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira