angela created OAK-8276:
---------------------------
Summary: OR-CompositeTreePermission.grantsPermission should loop
over aggregates of supported permissions
Key: OAK-8276
URL: https://issues.apache.org/jira/browse/OAK-8276
Project: Jackrabbit Oak
Issue Type: Bug
Components: core, security
Reporter: angela
[~stillalex], issue as discussed in person: while working on OAK-8269 and the
missing tests for the ORing {{CompositeTreePermission}} i noticed the following
issue in {{grantsPermission}}: after obtaining the supported permissions the
code loops over the individual permissions aggregated. but passes the original
permission instead of the supported ones which potentially only include a
subset.
the affected code inside the method looks as follows:
{code}
long supported = providers[i].supportedPermissions(tp, property,
permissions);
if (doEvaluate(supported)) {
if (compositionType == AND) {
[...]
} else {
for (long p : Permissions.aggregates(permissions)) { //
<==== issue line 221
[...]
}
}
}
{code}
IMO the code at line 221 should rather be as follows:
{code}
for (long p : Permissions.aggregates(supported)) {
{code}
i will go ahead fix it along with a test case that illustrates the issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
