Kunal Shubham created OAK-8855:
----------------------------------

             Summary: Permission evaluation of nodes broken after :nestedCug 
removed from parent node
                 Key: OAK-8855
                 URL: https://issues.apache.org/jira/browse/OAK-8855
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: authorization-cug
            Reporter: Kunal Shubham


Steps to Reproduce:
 # Create a node 'a' which has two child nodes 'b1' and 'b2'. The content 
tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
user2.
 # Apply CUG policy on /content/a.
 ** Authorize user1 and user2 to read /content/a.
 ** Authorize user1 to read /content/a/b1.
 ** Authorize user2 to read /content/a/b2.
 # Remove :nestedCugs property from /content/a/rep:cugPolicy.
 # Create a content session, login with user2. Try to read /content/a/b1.

*Observed behavior* : user2 is able to read /content/a/b1.

*Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
unauthorized to do so.

Please note that :nestedCugs is removed by a mechanism which completely 
overwrites content tree below "/content/a".



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
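
The reproduction steps above, as an added example (a simplified model, not code from the report or from Oak): it contrasts the expected decision with an evaluation that relies on the `:nestedCugs` property, and adds an audit that flags nested CUGs missing from it. Assumptions: `:nestedCugs` lists the CUG policies nested below a policy node and evaluation descends only into listed ones; all function and variable names are hypothetical.

```python
# Simplified model (assumption, not Oak code). CUGS maps a path to the
# principals its CUG policy allows; constructed from the report's steps.
CUGS = {
    "/content/a": {"user1", "user2"},
    "/content/a/b1": {"user1"},
    "/content/a/b2": {"user2"},
}
# Assumed role of :nestedCugs: per CUG path, the CUG paths nested below it.
INTACT_INDEX = {"/content/a": {"/content/a/b1", "/content/a/b2"}}
OVERWRITTEN_INDEX = {}  # state after step 4: the property is gone


def ancestors_and_self(path):
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def expected_can_read(cugs, principal, path):
    """Expected behaviour: the closest CUG at or above path decides."""
    for p in reversed(ancestors_and_self(path)):
        if p in cugs:
            return principal in cugs[p]
    return True  # no CUG restricts this path in the model


def indexed_can_read(cugs, index, principal, path):
    """Assumed evaluation that descends only into CUGs listed in the index."""
    current, decision = None, True
    for p in ancestors_and_self(path):
        if p in cugs and (current is None or p in index.get(current, ())):
            current, decision = p, principal in cugs[p]
    return decision


def missing_index_entries(cugs, index):
    """Audit: nested CUGs that their enclosing CUG's index does not list."""
    gaps = {}
    for path in cugs:
        enclosing = [p for p in ancestors_and_self(path)[:-1] if p in cugs]
        if enclosing and path not in index.get(enclosing[-1], ()):
            gaps.setdefault(enclosing[-1], []).append(path)
    return {parent: sorted(paths) for parent, paths in gaps.items()}


if __name__ == "__main__":
    for name, index in (("intact", INTACT_INDEX), ("overwritten", OVERWRITTEN_INDEX)):
        print(name, indexed_can_read(CUGS, index, "user2", "/content/a/b1"),
              missing_index_entries(CUGS, index))
```

A non-empty audit result after a bulk content overwrite marks the subtrees where the nested policies should be re-checked before the content is exposed to sessions.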