[
https://issues.apache.org/jira/browse/OAK-10135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Angela Schreiber resolved OAK-10135.
------------------------------------
Resolution: Fixed
> JackrabbitAccessControlManager.getEffectivePolicies(Set principals) should
> include ReadPolicy
> ---------------------------------------------------------------------------------------------
>
> Key: OAK-10135
> URL: https://issues.apache.org/jira/browse/OAK-10135
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: authorization-principalbased, core, security,
> security-spi
> Reporter: Angela Schreiber
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: 1.50.0
>
>
> Oak default authorization setup allows to configure paths that are always
> readable, which by default applies to namespaces, node types and privileges.
> Today {{AccessControlManager.getEffectivePolicies(String path)}} includes a
> {{NamedAccessControllPolicy}} if the path refers to a node where this
> read-policy is configured.
> In contrast {{JackrabbitAccessControlManager.getEffectivePolicies(Set
> principals)}} does not include it. Obviously this ReadPolicy applies for
> every set of principals.
> However, for consistency and to avoid confusion the
> {{NamedAccessControllPolicy}} should be included in the set if the editing
> session has sufficient permission on any of the configured paths.
> Note: filed this as improvement request (and not a bug) because
> getEffectivePolicy is specified to be a best-effort method.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
