[
https://issues.apache.org/jira/browse/SLING-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139887#comment-16139887
]
Robert Munteanu commented on SLING-3224:
----------------------------------------
Stepping through the code I can see that Oak returns the privileges correctly.
However, in {{AbstractGetAclServlet.internalGetAcl}} , the
{{mergePrivilegeSet}} invocation does not work properly. The call that fails is
at line 181:
{code:java}
mergePrivilegeSets(privilege,
privilegeToAncestorMap,
deniedSet, grantedSet);
{code}
where privilege is {{jcr:write}, deniedSet is empty and grantedSet is
{{jcr:all}}.
The logic is quite involved but I guess expansion of aggregate privileges is
broken here.
> GetAclTest integration test fails on Oak
> ----------------------------------------
>
> Key: SLING-3224
> URL: https://issues.apache.org/jira/browse/SLING-3224
> Project: Sling
> Issue Type: Bug
> Components: Testing
> Reporter: Bertrand Delacretaz
> Priority: Minor
> Labels: sling-IT
>
> Failed tests: testEffectiveAclMergeForUser_SubsetOfPrivilegesDeniedOnChild:
> Expected privilege jcr:modifyProperties to be NOT INCLUDED in supplied list:
> [rep:userManagement, jcr:nodeTypeManagement, jcr:modifyProperties,
> jcr:namespaceManagement, rep:privilegeManagement, jcr:workspaceManagement,
> rep:readProperties, rep:alterProperties, jcr:nodeTypeDefinitionManagement,
> jcr:lockManagement, jcr:read, jcr:lifecycleManagement, jcr:removeNode,
> jcr:modifyAccessControl, jcr:removeChildNodes, jcr:versionManagement,
> rep:addProperties, rep:removeProperties, rep:readNodes,
> jcr:readAccessControl, jcr:addChildNodes, jcr:retentionManagement])
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
