[ https://issues.apache.org/jira/browse/OAK-10135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Angela Schreiber resolved OAK-10135. ------------------------------------ Resolution: Fixed > JackrabbitAccessControlManager.getEffectivePolicies(Set principals) should > include ReadPolicy > --------------------------------------------------------------------------------------------- > > Key: OAK-10135 > URL: https://issues.apache.org/jira/browse/OAK-10135 > Project: Jackrabbit Oak > Issue Type: Improvement > Components: authorization-principalbased, core, security, > security-spi > Reporter: Angela Schreiber > Assignee: Angela Schreiber > Priority: Major > Fix For: 1.50.0 > > > Oak default authorization setup allows to configure paths that are always > readable, which by default applies to namespaces, node types and privileges. > Today {{AccessControlManager.getEffectivePolicies(String path)}} includes a > {{NamedAccessControllPolicy}} if the path refers to a node where this > read-policy is configured. > In contrast {{JackrabbitAccessControlManager.getEffectivePolicies(Set > principals)}} does not include it. Obviously this ReadPolicy applies for > every set of principals. > However, for consistency and to avoid confusion the > {{NamedAccessControllPolicy}} should be included in the set if the editing > session has sufficient permission on any of the configured paths. > Note: filed this as improvement request (and not a bug) because > getEffectivePolicy is specified to be a best-effort method. -- This message was sent by Atlassian Jira (v8.20.10#820010)