[
https://issues.apache.org/jira/browse/SLING-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139797#comment-16139797
]
Robert Munteanu commented on SLING-3224:
----------------------------------------
I am not sure that this is an error in Oak. Failing to find an actual test for
this scenario, I wrote one which passes:
{noformat}diff --git
a/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ChildNodePermissionsTest.java
b/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ChildNodePermissionsTest.java
new file mode 100644
index 0000000000..18b64026c2
--- /dev/null
+++
b/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ChildNodePermissionsTest.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jackrabbit.oak.jcr.security.authorization;
+
+import javax.jcr.Node;
+import javax.jcr.security.Privilege;
+
+import org.junit.Test;
+
+public class ChildNodePermissionsTest extends AbstractEvaluationTest {
+
+ @Test
+ public void testChildNodeDeniedJcrWrite() throws Exception {
+
+ Node n = superuser.getNode(path);
+ Node child = n.addNode("child");
+
+ allow(n.getPath(), privilegesFromName(Privilege.JCR_ALL));
+ deny(child.getPath(), privilegesFromName(Privilege.JCR_WRITE));
+
+ assertHasPrivilege(child.getPath(), Privilege.JCR_MODIFY_PROPERTIES,
false);
+ }
+}
{noformat}
> GetAclTest integration test fails on Oak
> ----------------------------------------
>
> Key: SLING-3224
> URL: https://issues.apache.org/jira/browse/SLING-3224
> Project: Sling
> Issue Type: Bug
> Components: Testing
> Reporter: Bertrand Delacretaz
> Priority: Minor
> Labels: sling-IT
>
> Failed tests: testEffectiveAclMergeForUser_SubsetOfPrivilegesDeniedOnChild:
> Expected privilege jcr:modifyProperties to be NOT INCLUDED in supplied list:
> [rep:userManagement, jcr:nodeTypeManagement, jcr:modifyProperties,
> jcr:namespaceManagement, rep:privilegeManagement, jcr:workspaceManagement,
> rep:readProperties, rep:alterProperties, jcr:nodeTypeDefinitionManagement,
> jcr:lockManagement, jcr:read, jcr:lifecycleManagement, jcr:removeNode,
> jcr:modifyAccessControl, jcr:removeChildNodes, jcr:versionManagement,
> rep:addProperties, rep:removeProperties, rep:readNodes,
> jcr:readAccessControl, jcr:addChildNodes, jcr:retentionManagement])
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
