[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tom Blackford updated OAK-5931:
-------------------------------
    Attachment: ACLTest.java

Adding test case showing the different behaviours.

>  Inconsistent behaviour when removing nodes with rep:policy subnodes for 
> users without modify ACL permissions
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: OAK-5931
>                 URL: https://issues.apache.org/jira/browse/OAK-5931
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.4.14, 1.6.1
>            Reporter: Tom Blackford
>         Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a 
> rep:policy subnode and then recreates it within the same save (without the 
> rep:policy subnode) the commit diff will mistake the action for the removal 
> of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after 
> remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the 
> removal of a policy or the replace of the access controlled node with one 
> that doesn't have the policy set. within that diff it looks like the removal 
> of the policy node
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
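
The behaviour described in the issue can be reproduced with a small model of a diff-based commit check. This is an added example, not Jackrabbit Oak code and not the attached ACLTest.java. It assumes that a removed subtree is reported once at its top node, and the `remove_node` and `add_node` labels are constructed for the model.

```python
# Simplified model of a diff-based commit check; not Jackrabbit Oak's code.
POLICY = "rep:policy"
MODIFY_AC = "rep:modifyAccessControl"    # privilege named in the issue
REMOVE, ADD = "remove_node", "add_node"  # constructed labels for this model

def diff(base, head, path=""):
    """Yield (event, path) pairs describing how head differs from base."""
    for name in base.keys() - head.keys():
        # Assumption: a removed subtree is reported once, without descending.
        yield ("deleted", f"{path}/{name}")
    for name in head.keys() - base.keys():
        yield ("added", f"{path}/{name}")
    for name in base.keys() & head.keys():
        yield from diff(base[name], head[name], f"{path}/{name}")

def required(base, head):
    """Privileges the model demands for committing head on top of base."""
    needed = set()
    for event, path in diff(base, head):
        if path.endswith("/" + POLICY):
            needed.add(MODIFY_AC)  # any change to a policy node
        else:
            needed.add(REMOVE if event == "deleted" else ADD)
    return needed

def save(base, head, granted):
    """Return True if the commit passes the check, False if it is denied."""
    return required(base, head) <= granted

# Constructed sample content: /content/a is access controlled.
BASE = {"content": {"a": {POLICY: {}, "child": {}}}}
REMOVED = {"content": {}}
RECREATED = {"content": {"a": {}}}
GRANTED = {REMOVE, ADD}  # session without rep:modifyAccessControl

def one_save():
    # Remove and recreate before saving: only the net change is diffed,
    # so /content/a looks unchanged apart from its missing rep:policy child.
    return save(BASE, RECREATED, GRANTED)

def two_saves():
    # Saving in between: the first diff is a plain removal of /content/a,
    # the second a plain addition. Neither touches a policy node directly.
    return save(BASE, REMOVED, GRANTED) and save(REMOVED, RECREATED, GRANTED)

if __name__ == "__main__":
    print("single save allowed:", one_save())
    print("two saves allowed:  ", two_saves())
```
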
