[jira] [Commented] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

Wed, 15 Jan 2020 04:33:24 -0800 


    [ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17015919#comment-17015919
 ] 

Andrei Dulceanu commented on OAK-8855:
--------------------------------------

[~kunal3112], Oak build fails with the following exception after applying the 
patch on 1.8 local branch:

{noformat}
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-compiler-plugin:3.8.1:testCompile 
(default-testCompile) on project oak-authorization-cug: Compilation failure: 
Compilation failure:
[ERROR] 
/Users/dulceanu/projects/apache/jackrabbit-oak/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookPermissionTest.java:[89,9]
 cannot find symbol
[ERROR]   symbol:   method 
createTrees(org.apache.jackrabbit.oak.api.Tree,java.lang.String,java.lang.String,java.lang.String)
[ERROR]   location: class 
org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.NestedCugHookPermissionTest
[ERROR] 
/Users/dulceanu/projects/apache/jackrabbit-oak/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookPermissionTest.java:[90,9]
 cannot find symbol
[ERROR]   symbol:   method 
createTrees(org.apache.jackrabbit.oak.api.Tree,java.lang.String,java.lang.String,java.lang.String)
[ERROR]   location: class 
org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.NestedCugHookPermissionTest
{noformat}

Can you please add the missing method to a new patch?

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> -------------------------------------------------------------------------------
>
>                 Key: OAK-8855
>                 URL: https://issues.apache.org/jira/browse/OAK-8855
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: authorization-cug
>    Affects Versions: 1.8.7
>            Reporter: Kunal Shubham
>            Assignee: Andrei Dulceanu
>            Priority: Major
>         Attachments: 0001-Fix-nestedcug-permission-issue.patch, 
> OAK-8855_backport.patch, diff.patch
>
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to