[ 
https://issues.apache.org/jira/browse/SLING-9971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Karl Pauls reassigned SLING-9971:
---------------------------------

    Assignee: Karl Pauls

> AclManagerTest/RepPolicyEntryHandlerTest : no tests for 'deny' entries
> ----------------------------------------------------------------------
>
>                 Key: SLING-9971
>                 URL: https://issues.apache.org/jira/browse/SLING-9971
>             Project: Sling
>          Issue Type: Improvement
>          Components: Content-Package to Feature Model Converter
>            Reporter: Angela Schreiber
>            Assignee: Karl Pauls
>            Priority: Minor
>             Fix For: Content-Package to Feature Model Converter 1.0.26
>
>
> from what i can see there exists not a single test case for 'deny' access 
> control entries. while i agree that creating deny-entries for system users 
> should be considered bad practice, it's it possible with resource-based 
> access control setup (note though that principal-based access control setup 
> only allows for 'allow' entries, see 
> http://jackrabbit.apache.org/api/2.18/org/apache/jackrabbit/api/security/authorization/PrincipalAccessControlList.html#addEntry-java.lang.String-javax.jcr.security.Privilege:A-
>  and 
> http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html#Implementation_Details).
> unless the converter intended to prevent 'deny' entries from being used 
> (currently not the case), i think there should be at least 1 test that 
> verifies that deny entries will be properly converted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to