[
https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479164#comment-17479164
]
Konrad Windszus commented on JCRVLT-522:
----------------------------------------
[~tripod] Ping, how should we fix this inconsistent and unexpected behaviour?
> Authorizable and authorization nodes applied even if filter rules exclude them
> ------------------------------------------------------------------------------
>
> Key: JCRVLT-522
> URL: https://issues.apache.org/jira/browse/JCRVLT-522
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Components: Packaging
> Affects Versions: 3.4.10
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.5.10
>
>
> Currently the filter rules are not fully evaluated prior to applying ACLs (in
> rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug.
> The same is true for authorizable nodes (compare with JCRVLT-71).
> The exact install behaviour is as follows (given that the ACHandling is not
> IGNORE):
>
> || ||Path in Filter?||Effect||Example ACL Path(s)||Example Content Node
> Path(s)||
> ||1|Contained in
> filter|Installed|/testroot/node_a/rep:policy|/testroot/node_a||
> ||2|Not contained in filter, but ancestor is
> contained|Installed|/testroot/secured/rep:policy|testroot/secured||
> ||3|Neither path nor ancestor is contained in filter|Not
> Installed|/test2/rep:policy|/test2||
> ||4|Path is not contained in filter, ancestor is not contained either, but
> node affected by ACLs is contained|Not
> Installed|/testroot/rep:policy|/testroot||
> The example columns assume the following filter.xml
> {code}
> <workspaceFilter version="1.0">
> <filter root="/testroot">
> <include pattern="/testroot/secured"/>
> <include pattern="/testroot/secured/jcr:content"/>
> <include pattern="/testroot/node_a(/.*)?"/>
> </filter>
> </workspaceFilter>
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
