[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15925293#comment-15925293 ]
Pierre Tager commented on OAK-5931:
-----------------------------------

[~alexxx] [~dhasler] making sure this is on your radar.

> Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: OAK-5931
>                 URL: https://issues.apache.org/jira/browse/OAK-5931
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.4.14, 1.6.1
>            Reporter: Tom Blackford
>         Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a rep:policy subnode and then recreates it within the same save (without the rep:policy subnode) the commit diff will mistake the action for the removal of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the removal of a policy or the replace of the access controlled node with one that doesn't have the policy set. within that diff it looks like the removal of the policy node
> {quote}

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
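
The behaviour described in the issue, as an added example that is not part of the original message and is neither Oak code nor the attached ACLTest.java. It is a simplified Python model of a commit-time tree diff; the nested-dict tree, the function names, the sample paths, and the rule that a deleted subtree is judged by its top node only are assumptions made for illustration.

```python
POLICY = "rep:policy"

def required_privileges(before, after, path=""):
    """Diff two tree states (nested dicts: child name -> subtree) and
    return the (privilege, path) pairs the change set appears to need."""
    needed = set()
    for name in sorted(before.keys() | after.keys()):
        child = f"{path}/{name}"
        if name not in after:
            # Deleted subtree: judged by its top node only (model assumption).
            priv = "rep:modifyAccessControl" if name == POLICY else "jcr:removeNode"
            needed.add((priv, child))
        elif name not in before:
            priv = "rep:modifyAccessControl" if name == POLICY else "jcr:addChildNodes"
            needed.add((priv, child))
        else:
            # Present on both sides: the diff cannot tell "same node" from
            # "removed and recreated", so it descends and compares children.
            needed |= required_privileges(before[name], after[name], child)
    return needed

def commit(before, after, granted):
    """Return the new state, or raise if the diff needs an ungranted privilege."""
    missing = sorted(p for p in required_privileges(before, after) if p[0] not in granted)
    if missing:
        raise PermissionError(missing)
    return after

# Constructed sample states.
BASE = {"content": {"page": {POLICY: {}, "title": {}}}}
REMOVED = {"content": {}}
RECREATED = {"content": {"page": {"title": {}}}}
GRANTED = {"jcr:removeNode", "jcr:addChildNodes"}  # no rep:modifyAccessControl

def one_save():
    try:
        commit(BASE, RECREATED, GRANTED)
        return "ok"
    except PermissionError as exc:
        return f"denied: {exc}"

def two_saves():
    state = commit(BASE, REMOVED, GRANTED)
    commit(state, RECREATED, GRANTED)
    return "ok"

if __name__ == "__main__":
    print("remove + recreate in one save:", one_save())
    print("save after remove, then recreate:", two_saves())
```

In the model, the same end state is denied when reached in one save and accepted when reached in two, which is the inconsistency the issue reports.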