[ https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479164#comment-17479164 ]
Konrad Windszus commented on JCRVLT-522:
----------------------------------------

[~tripod] Ping, how should we fix this inconsistent and unexpected behaviour?

> Authorizable and authorization nodes applied even if filter rules exclude them
> ------------------------------------------------------------------------------
>
>                 Key: JCRVLT-522
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-522
>             Project: Jackrabbit FileVault
>          Issue Type: Improvement
>          Components: Packaging
>    Affects Versions: 3.4.10
>            Reporter: Konrad Windszus
>            Assignee: Konrad Windszus
>            Priority: Major
>             Fix For: 3.5.10
>
>
> Currently the filter rules are not fully evaluated prior to applying ACLs (in rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug.
> The same is true for authorizable nodes (compare with JCRVLT-71).
> The exact install behaviour is as follows (given that the ACHandling is not IGNORE):
>
> || ||Path in Filter?||Effect||Example ACL Path(s)||Example Content Node Path(s)||
> ||1|Contained in filter|Installed|/testroot/node_a/rep:policy|/testroot/node_a||
> ||2|Not contained in filter, but ancestor is contained|Installed|/testroot/secured/rep:policy|testroot/secured||
> ||3|Neither path nor ancestor is contained in filter|Not Installed|/test2/rep:policy|/test2||
> ||4|Path is not contained in filter, ancestor is not contained either, but node affected by ACLs is contained|Not Installed|/testroot/rep:policy|/testroot||
> The example columns assume the following filter.xml
> {code}
> <workspaceFilter version="1.0">
>     <filter root="/testroot">
>         <include pattern="/testroot/secured"/>
>         <include pattern="/testroot/secured/jcr:content"/>
>         <include pattern="/testroot/node_a(/.*)?"/>
>     </filter>
> </workspaceFilter>
> {code}
>

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
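
The following is an added sketch, not FileVault code and not part of the issue: it models the table's Effect column for the quoted filter.xml, so the rep:policy paths of a package can be checked for the row 2 case (applied although the filter does not contain them) before install. The rule semantics (full-match regex, last matching rule wins, default opposite to the first rule) and all function names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# filter.xml as quoted in the issue description
FILTER_XML = """<workspaceFilter version="1.0">
  <filter root="/testroot">
    <include pattern="/testroot/secured"/>
    <include pattern="/testroot/secured/jcr:content"/>
    <include pattern="/testroot/node_a(/.*)?"/>
  </filter>
</workspaceFilter>"""

def load_filter_sets(xml_text):
    """Parse filter.xml into [(root, [(is_include, regex), ...]), ...]."""
    sets = []
    for f in ET.fromstring(xml_text).iter("filter"):
        rules = [(r.tag == "include", re.compile(r.get("pattern")))
                 for r in f if r.tag in ("include", "exclude")]
        sets.append((f.get("root"), rules))
    return sets

def contains(sets, path):
    """Assumed semantics: first filter set whose root covers the path decides;
    last matching rule wins; default is the opposite of the first rule."""
    for root, rules in sets:
        if path != root and not path.startswith(root.rstrip("/") + "/"):
            continue
        result = not rules[0][0] if rules else True
        for is_include, regex in rules:
            if regex.fullmatch(path):
                result = is_include
        return result
    return False

def ancestors(path):
    """'/a/b/c' -> ['/a/b', '/a'] (nearest ancestor first)."""
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]

def classify(sets, acl_path):
    """Reproduce the Effect column of the table for one ACL node path."""
    if contains(sets, acl_path):
        return "installed: contained in filter"
    if any(contains(sets, a) for a in ancestors(acl_path)):
        return "installed: only an ancestor is contained"  # row 2, the surprise
    return "not installed"

if __name__ == "__main__":
    sets = load_filter_sets(FILTER_XML)
    for p in ("/testroot/node_a/rep:policy", "/testroot/secured/rep:policy",
              "/test2/rep:policy", "/testroot/rep:policy"):
        print(p, "->", classify(sets, p))
```
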