[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17015919#comment-17015919 ]
Andrei Dulceanu commented on OAK-8855: -------------------------------------- [~kunal3112], Oak build fails with the following exception after applying the patch on 1.8 local branch: {noformat} [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:testCompile (default-testCompile) on project oak-authorization-cug: Compilation failure: Compilation failure: [ERROR] /Users/dulceanu/projects/apache/jackrabbit-oak/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookPermissionTest.java:[89,9] cannot find symbol [ERROR] symbol: method createTrees(org.apache.jackrabbit.oak.api.Tree,java.lang.String,java.lang.String,java.lang.String) [ERROR] location: class org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.NestedCugHookPermissionTest [ERROR] /Users/dulceanu/projects/apache/jackrabbit-oak/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookPermissionTest.java:[90,9] cannot find symbol [ERROR] symbol: method createTrees(org.apache.jackrabbit.oak.api.Tree,java.lang.String,java.lang.String,java.lang.String) [ERROR] location: class org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.NestedCugHookPermissionTest {noformat} Can you please add the missing method to a new patch? > Permission evaluation of nodes broken after :nestedCug removed from parent > node > ------------------------------------------------------------------------------- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug > Affects Versions: 1.8.7 > Reporter: Kunal Shubham > Assignee: Andrei Dulceanu > Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch, > OAK-8855_backport.patch, diff.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)