[
https://issues.apache.org/jira/browse/OAK-8383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela updated OAK-8383:
------------------------
Fix Version/s: (was: 1.14.0)
1.16.0
> AccessControlValidator: check for duplicate ACE ignores allow/deny status
> -------------------------------------------------------------------------
>
> Key: OAK-8383
> URL: https://issues.apache.org/jira/browse/OAK-8383
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core, security
> Reporter: angela
> Assignee: angela
> Priority: Major
> Fix For: 1.16.0
>
>
> just found out that the verification in {{AccessControlValidator}} asserting
> that no duplicate entries are present, doesn't take the primary type of the
> ACE node into account which defines if the entry is allowing or denying
> access.
> In otherwords: when manually adding 2 entries though oak API that only differ
> by the allow/deny the validator will wrongly fail, warning about duplicate
> entries. Since adding ACEs manually through JCR API is not possible and the
> access control list implementation filters out duplications, this issue
> hasn't shown up.
> cc [~stillalex]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
