[ https://issues.apache.org/jira/browse/JCR-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16349096#comment-16349096 ]
Kamil commented on JCR-3923:
----------------------------

Don't you think that it is rather unintuitive that "/" doesn't match the root node? I think this is the main issue... Moreover - how do you want to differentiate between "matches node / only" and "/ and all descendants"?

> Repository root doesn't respect rep:glob
> ----------------------------------------
>
>                 Key: JCR-3923
>                 URL: https://issues.apache.org/jira/browse/JCR-3923
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>            Reporter: Kamil
>            Priority: Major
>
> I have the following node structure:
> {noformat}
> /test
> /test/child
> /foo
> {noformat}
> When I set Principal based privileges to some user as:
> {noformat}
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/test", PropertyType.PATH));
> restrictions.put("rep:glob", vf.createValue(""));
>
> jacl.addEntry(principal, privileges, allow, restrictions);
>
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> where according to this documentation
> http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html
> empty string means "matches /foo only", the user can see only:
> {noformat}
> /test
> {noformat}
> without a child, which is correct. But when I set:
> {noformat}
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH));
> restrictions.put("rep:glob", vf.createValue(""));
>
> jacl.addEntry(principal, privileges, allow, restrictions);
>
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> then the user can see all descendants of root:
> {noformat}
> /test
> /test/child
> /foo
> {noformat}
> which is not correct

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)