[ https://issues.apache.org/jira/browse/OAK-1115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Marth updated OAK-1115: ------------------------------- Fix Version/s: 0.15 > Remove of Subtree after Move is not subjected to permission validation > ---------------------------------------------------------------------- > > Key: OAK-1115 > URL: https://issues.apache.org/jira/browse/OAK-1115 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core > Reporter: angela > Assignee: angela > Priority: Critical > Fix For: 0.15 > > > the following test passes in Jackrabbit-Core but fails in OAK: > {code} > @Test > public void testMoveRemoveSubTree() throws Exception { > superuser.getNode(childNPath).addNode(nodeName3); > superuser.save(); > /* allow READ/WRITE privilege for testUser at 'path' */ > givePrivileges(path, privilegesFromNames(new String[] > {Privilege.JCR_READ, "rep:write"}), Collections.<String, Value>emptyMap()); > /* deny READ/REMOVE property privileges at subtree. */ > withdrawPrivileges(path, privilegesFromNames(new String[] > {Privilege.JCR_REMOVE_NODE}), Collections.singletonMap("rep:glob", > superuser.getValueFactory().createValue("*/"+nodeName3))); > Session testSession = getTestSession(); > assertTrue(testSession.nodeExists(childNPath)); > assertTrue(testSession.hasPermission(childNPath, > Session.ACTION_REMOVE)); > assertTrue(testSession.hasPermission(childNPath2, > Session.ACTION_ADD_NODE)); > testSession.move(childNPath, childNPath2 + "/dest"); > Node dest = testSession.getNode(childNPath2 + "/dest"); > dest.getNode(nodeName3).remove(); > try { > testSession.save(); > fail("Removing child node must be denied."); > } catch (AccessDeniedException e) { > // success > } > } > {code} > this is a critical security issue as it moving around the parent is > sufficient in order to be able to remove a node that was otherwise not > removable due to limited permissions. > Afaik this behavior is caused by a limitation in the Diff process which > doesn't allow to identify the move and thus makes it impossible to find out > if that the subtree has been removed. -- This message was sent by Atlassian JIRA (v6.1#6144)