[jira] [Commented] (OAK-8858) Build Jackrabbit Oak #2564 failed

2020-01-14 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015681#comment-17015681
 ] 

Hudson commented on OAK-8858:
-

Previously failing build now is OK.
 Passed run: [Jackrabbit Oak 
#2565|https://builds.apache.org/job/Jackrabbit%20Oak/2565/] [console 
log|https://builds.apache.org/job/Jackrabbit%20Oak/2565/console]

> Build Jackrabbit Oak #2564 failed
> -
>
> Key: OAK-8858
> URL: https://issues.apache.org/jira/browse/OAK-8858
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: continuous integration
>Reporter: Hudson
>Priority: Major
>
> No description is provided
> The build Jackrabbit Oak #2564 has failed.
> First failed run: [Jackrabbit Oak 
> #2564|https://builds.apache.org/job/Jackrabbit%20Oak/2564/] [console 
> log|https://builds.apache.org/job/Jackrabbit%20Oak/2564/console]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (OAK-8780) Remove the synchronized block on the FSBackend

2020-01-14 Thread Amit Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-8780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Amit Jain resolved OAK-8780.

Fix Version/s: 1.24.0
   Resolution: Fixed

Thanks [~ankitaagar] for the contribution
Committed on trunk [1872803|http://svn.apache.org/viewvc?rev=1872803=rev]

> Remove the synchronized block on the FSBackend
> --
>
> Key: OAK-8780
> URL: https://issues.apache.org/jira/browse/OAK-8780
> Project: Jackrabbit Oak
>  Issue Type: Bug
>Reporter: Ankita Agarwal
>Assignee: Amit Jain
>Priority: Major
> Fix For: 1.24.0
>
>
> Initial upload requests are all within 5sec. Once the upload staging cache is 
> getting filled up the response time of upload request gets degraded.  Only 
> one thread at a time is runnable and rest remains in blocked state after 
> upload staging cache fills up 





[jira] [Assigned] (OAK-8780) Remove the synchronized block on the FSBackend

2020-01-14 Thread Amit Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-8780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Amit Jain reassigned OAK-8780:
--

Assignee: Amit Jain

> Remove the synchronized block on the FSBackend
> --
>
> Key: OAK-8780
> URL: https://issues.apache.org/jira/browse/OAK-8780
> Project: Jackrabbit Oak
>  Issue Type: Bug
>Reporter: Ankita Agarwal
>Assignee: Amit Jain
>Priority: Major
>
> Initial upload requests are all within 5sec. Once the upload staging cache is 
> getting filled up the response time of upload request gets degraded.  Only 
> one thread at a time is runnable and rest remains in blocked state after 
> upload staging cache fills up 





[jira] [Comment Edited] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015007#comment-17015007
 ] 

Kunal Shubham edited comment on OAK-8855 at 1/15/20 4:52 AM:
-

Please review and merge: 
[https://github.com/kunal3112/jackrabbit-oak/commit/abe9d8e289e829efd5d00d5a36a46de52bd8574a]

Patch also attached.


was (Author: kunal3112):
Please review and merge: 
[https://github.com/kunal3112/jackrabbit-oak/commit/abe9d8e289e829efd5d00d5a36a46de52bd8574a]

 Patch also attached.

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> ---
>
> Key: OAK-8855
> URL: https://issues.apache.org/jira/browse/OAK-8855
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: authorization-cug
>Reporter: Kunal Shubham
>Priority: Major
> Attachments: 0001-Fix-nestedcug-permission-issue.patch
>
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".





[jira] [Comment Edited] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015025#comment-17015025
 ] 

Kunal Shubham edited comment on OAK-8855 at 1/15/20 4:52 AM:
-

Before :nestedCugs is removed from /content/a/rep:cugPolicy, the permissions 
for user2 on different nodes:
||Node||isAllow||hasNested||
|/content/a|T|T|
|/content/a/b1|F|F|
|/content/a/b2|T|F|

 
 After :nestedCugs is removed from /content/a/rep:cugPolicy, the permissions 
for user2:
||Node||isAllow||hasNested||
|*/content/a*|*T*|*F*|
|/content/a/b1|F|F|
|/content/a/b2|T|F|

Now when a read request for /content/a/b1 is made by user2, it is first checked 
whether the parent of 'b1' is nested or not. The neverNested method [1] erroneously returns 
true. This causes user2 to use its parent's permissions, erroneously giving it 
read access to /content/a/b1.
 The patch fixes this by restoring :nestedCugs back in rep:cugPolicy.
 [1] 
[https://github.com/apache/jackrabbit-oak/blob/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermission.java#L77-L100]


was (Author: kunal3112):
Before :nestedCugs is removed from /content/a/rep:cugPolicy, the permissions 
for user2 on different nodes:
||Node||isAllow||hasNested||
|/content/a|T|T|
|/content/a/b1|F|F|
|/content/a/b2|T|F|
 
After :nestedCugs is removed from /content/a/rep:cugPolicy, the permissions for 
user2:
||Node||isAllow||hasNested||
|*/content/a*|*Y*|*N*|
|/content/a/b1|N|N|
|/content/a/b2|Y|N|
Now when a read request for /content/a/b1 is made by user2, it is first checked 
whether the parent of 'b1' is nested or not. The neverNested method [1] erroneously returns 
true. This causes user2 to use its parent's permissions, erroneously giving 
read access to user2.
The patch fixes this by restoring :nestedCugs back in rep:cugPolicy.
[1] 
[https://github.com/apache/jackrabbit-oak/blob/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermission.java#L77-L100]

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> ---
>
> Key: OAK-8855
> URL: https://issues.apache.org/jira/browse/OAK-8855
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: authorization-cug
>Reporter: Kunal Shubham
>Priority: Major
> Attachments: 0001-Fix-nestedcug-permission-issue.patch
>
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
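
The evaluation shortcut described in the comment above, as an added example that is not part of the original message and is not Oak code: a simplified Java model in which a boolean nestedFlag stands in for the :nestedCugs property, followed by a consistency check that finds CUG policies whose flag is missing although a CUG exists below them. All class, field and method names are hypothetical; the tree is constructed from the steps to reproduce.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added illustration: simplified model of the shortcut, not Oak's implementation.
public class NestedCugModel {

    static final class Node {
        final String path;
        final Node parent;
        final Set<String> cug;   // principals allowed to read; null = no CUG policy here
        boolean nestedFlag;      // stands in for :nestedCugs on rep:cugPolicy
        final List<Node> children = new ArrayList<>();

        Node(String path, Node parent, Set<String> cug) {
            this.path = path;
            this.parent = parent;
            this.cug = cug;
            if (parent != null) {
                parent.children.add(this);
            }
        }
    }

    /** Closest ancestor (excluding the node itself) that carries a CUG policy. */
    static Node nearestCugAncestor(Node n) {
        for (Node p = n.parent; p != null; p = p.parent) {
            if (p.cug != null) return p;
        }
        return null;
    }

    /** Read check with the shortcut: trust the ancestor's "nothing nested" claim. */
    static boolean canRead(Node n, String user) {
        Node anc = nearestCugAncestor(n);
        if (anc != null && !anc.nestedFlag) {
            return anc.cug.contains(user);   // n's own policy is never consulted
        }
        Node effective = (n.cug != null) ? n : anc;
        return effective == null || effective.cug.contains(user);
    }

    static boolean hasCugBelow(Node n) {
        for (Node c : n.children) {
            if (c.cug != null || hasCugBelow(c)) return true;
        }
        return false;
    }

    /** Consistency check: policies whose flag is unset although a CUG exists below them. */
    static List<Node> findStale(Node n, List<Node> out) {
        if (n.cug != null && !n.nestedFlag && hasCugBelow(n)) out.add(n);
        for (Node c : n.children) findStale(c, out);
        return out;
    }

    public static void main(String[] args) {
        // Constructed content tree from the steps to reproduce.
        Node content = new Node("/content", null, null);
        Node a = new Node("/content/a", content, Set.of("user1", "user2"));
        Node b1 = new Node("/content/a/b1", a, Set.of("user1"));
        Node b2 = new Node("/content/a/b2", a, Set.of("user2"));
        a.nestedFlag = true;
        System.out.println("flag present:  user2 reads b1 = " + canRead(b1, "user2"));

        a.nestedFlag = false;   // the overwrite of the subtree drops :nestedCugs
        System.out.println("flag removed:  user2 reads b1 = " + canRead(b1, "user2"));

        for (Node stale : findStale(content, new ArrayList<>())) {
            System.out.println("stale policy at " + stale.path + ", restoring flag");
            stale.nestedFlag = true;
        }
        System.out.println("flag restored: user2 reads b1 = " + canRead(b1, "user2"));
        System.out.println("flag restored: user2 reads b2 = " + canRead(b2, "user2"));
    }
}
```

The same check can be run after any bulk overwrite of a subtree that carries CUG policies, since the access decision for children depends on a property the overwrite may silently drop.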


[jira] [Comment Edited] (OAK-8857) wrap shaded Guava for internal use

2020-01-14 Thread Julian Reschke (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015318#comment-17015318
 ] 

Julian Reschke edited comment on OAK-8857 at 1/14/20 7:03 PM:
--

I did work on a poc (incomplete:  [^OAK-8857.diff] ), just converting oak-jcr. 
Most changes could be automated. Converting sub projects separately only works 
if the google API does not appear in a method signature across projects.

To simplify things, it might be good to first eliminate all uses of Guava that 
can be trivially done with JDK methods instead.


was (Author: reschke):
I did work on a poc, just converting oak-jcr. Most changes could be automated. 
Converting sub projects separately only works if the google API does not appear in 
a method signature across projects.

To simplify things, it might be good to first eliminate all uses of Guava that 
can be trivially done with JDK methods instead.

> wrap shaded Guava for internal use
> --
>
> Key: OAK-8857
> URL: https://issues.apache.org/jira/browse/OAK-8857
> Project: Jackrabbit Oak
>  Issue Type: Technical task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
> Attachments: OAK-8857.diff, pom.xml
>
>






[jira] [Updated] (OAK-8857) wrap shaded Guava for internal use

2020-01-14 Thread Julian Reschke (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke updated OAK-8857:

Attachment: OAK-8857.diff

> wrap shaded Guava for internal use
> --
>
> Key: OAK-8857
> URL: https://issues.apache.org/jira/browse/OAK-8857
> Project: Jackrabbit Oak
>  Issue Type: Technical task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
> Attachments: OAK-8857.diff, pom.xml
>
>






[jira] [Commented] (OAK-8857) wrap shaded Guava for internal use

2020-01-14 Thread Julian Reschke (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015318#comment-17015318
 ] 

Julian Reschke commented on OAK-8857:
-

I did work on a poc, just converting oak-jcr. Most changes could be automated. 
Converting sub projects separately only works if the google API does not appear in 
a method signature across projects.

To simplify things, it might be good to first eliminate all uses of Guava that 
can be trivially done with JDK methods instead.

> wrap shaded Guava for internal use
> --
>
> Key: OAK-8857
> URL: https://issues.apache.org/jira/browse/OAK-8857
> Project: Jackrabbit Oak
>  Issue Type: Technical task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
> Attachments: OAK-8857.diff, pom.xml
>
>






[jira] [Assigned] (OAK-6632) [upgrade] oak-upgrade should support azure blobstorage

2020-01-14 Thread Jira


 [ 
https://issues.apache.org/jira/browse/OAK-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tomek Rękawek reassigned OAK-6632:
--

Assignee: Tomek Rękawek

> [upgrade] oak-upgrade should support azure blobstorage
> --
>
> Key: OAK-6632
> URL: https://issues.apache.org/jira/browse/OAK-6632
> Project: Jackrabbit Oak
>  Issue Type: Improvement
>  Components: upgrade
>Reporter: Raul Hudea
>Assignee: Tomek Rękawek
>Priority: Major
>  Labels: azureblob
> Attachments: oak-upgrade-azureblob-tb.patch
>
>
> oak-upgrade should support azuredatastore in addition to s3





[jira] [Commented] (OAK-6632) [upgrade] oak-upgrade should support azure blobstorage

2020-01-14 Thread Tom Blackford (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015108#comment-17015108
 ] 

Tom Blackford commented on OAK-6632:


Hi [~tomek.rekawek]

Attaching a patch  [^oak-upgrade-azureblob-tb.patch] to add this support and 
adding test cases for the various scenarios (as with the S3-related tests, 
these are skipped unless Azure config is provided). I took the advice above and 
made sure that the 'src-azuredatastore' was not required; if no path is 
provided either explicitly (via 'src-azuredatastore' or via the 'path' property 
in the azure config), the tests check that the value of 'java.io.tmpdir' 
is used instead. 

Hope this is ok - let me know if you'd like any further changes / tests.



> [upgrade] oak-upgrade should support azure blobstorage
> --
>
> Key: OAK-6632
> URL: https://issues.apache.org/jira/browse/OAK-6632
> Project: Jackrabbit Oak
>  Issue Type: Improvement
>  Components: upgrade
>Reporter: Raul Hudea
>Priority: Major
>  Labels: azureblob
> Attachments: oak-upgrade-azureblob-tb.patch
>
>
> oak-upgrade should support azuredatastore in addition to s3





[jira] [Updated] (OAK-6632) [upgrade] oak-upgrade should support azure blobstorage

2020-01-14 Thread Tom Blackford (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tom Blackford updated OAK-6632:
---
Attachment: oak-upgrade-azureblob-tb.patch

> [upgrade] oak-upgrade should support azure blobstorage
> --
>
> Key: OAK-6632
> URL: https://issues.apache.org/jira/browse/OAK-6632
> Project: Jackrabbit Oak
>  Issue Type: Improvement
>  Components: upgrade
>Reporter: Raul Hudea
>Priority: Major
>  Labels: azureblob
> Attachments: oak-upgrade-azureblob-tb.patch
>
>
> oak-upgrade should support azuredatastore in addition to s3





[jira] [Created] (OAK-8858) Build Jackrabbit Oak #2564 failed

2020-01-14 Thread Hudson (Jira)
Hudson created OAK-8858:
---

 Summary: Build Jackrabbit Oak #2564 failed
 Key: OAK-8858
 URL: https://issues.apache.org/jira/browse/OAK-8858
 Project: Jackrabbit Oak
  Issue Type: Bug
  Components: continuous integration
Reporter: Hudson


No description is provided

The build Jackrabbit Oak #2564 has failed.
First failed run: [Jackrabbit Oak 
#2564|https://builds.apache.org/job/Jackrabbit%20Oak/2564/] [console 
log|https://builds.apache.org/job/Jackrabbit%20Oak/2564/console]





[jira] [Commented] (OAK-8857) wrap shaded Guava for internal use

2020-01-14 Thread Julian Reschke (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015085#comment-17015085
 ] 

Julian Reschke commented on OAK-8857:
-

wip:  [^pom.xml] 

> wrap shaded Guava for internal use
> --
>
> Key: OAK-8857
> URL: https://issues.apache.org/jira/browse/OAK-8857
> Project: Jackrabbit Oak
>  Issue Type: Technical task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
> Attachments: pom.xml
>
>






[jira] [Updated] (OAK-8857) wrap shaded Guava for internal use

2020-01-14 Thread Julian Reschke (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke updated OAK-8857:

Attachment: pom.xml

> wrap shaded Guava for internal use
> --
>
> Key: OAK-8857
> URL: https://issues.apache.org/jira/browse/OAK-8857
> Project: Jackrabbit Oak
>  Issue Type: Technical task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
> Attachments: pom.xml
>
>






[jira] [Created] (OAK-8857) wrap shaded Guava for internal use

2020-01-14 Thread Julian Reschke (Jira)
Julian Reschke created OAK-8857:
---

 Summary: wrap shaded Guava for internal use
 Key: OAK-8857
 URL: https://issues.apache.org/jira/browse/OAK-8857
 Project: Jackrabbit Oak
  Issue Type: Technical task
  Components: parent
Reporter: Julian Reschke
Assignee: Julian Reschke
 Attachments: pom.xml







[jira] [Commented] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015025#comment-17015025
 ] 

Kunal Shubham commented on OAK-8855:


Before :nestedCugs is removed from /content/a/rep:cugPolicy, the permissions 
for user2 on different nodes:
||Node||isAllow||hasNested||
|/content/a|T|T|
|/content/a/b1|F|F|
|/content/a/b2|T|F|
 
After :nestedCugs is removed from /content/a/rep:cugPolicy, the permissions for 
user2:
||Node||isAllow||hasNested||
|*/content/a*|*Y*|*N*|
|/content/a/b1|N|N|
|/content/a/b2|Y|N|
Now when a read request for /content/a/b1 is made by user2, it is first checked 
whether the parent of 'b1' is nested or not. The neverNested method [1] erroneously returns 
true. This causes user2 to use its parent's permissions, erroneously giving 
read access to user2.
The patch fixes this by restoring :nestedCugs back in rep:cugPolicy.
[1] 
[https://github.com/apache/jackrabbit-oak/blob/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermission.java#L77-L100]

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> ---
>
> Key: OAK-8855
> URL: https://issues.apache.org/jira/browse/OAK-8855
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: authorization-cug
>Reporter: Kunal Shubham
>Priority: Major
> Attachments: 0001-Fix-nestedcug-permission-issue.patch
>
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".





[jira] [Updated] (OAK-8856) Update httpcore dependency to 4.4.13

2020-01-14 Thread Julian Reschke (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-8856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke updated OAK-8856:

Labels: candidate_oak_1_10  (was: )

> Update httpcore dependency to 4.4.13
> 
>
> Key: OAK-8856
> URL: https://issues.apache.org/jira/browse/OAK-8856
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Minor
>  Labels: candidate_oak_1_10
> Fix For: 1.24.0
>
>






[jira] [Commented] (OAK-8856) Update httpcore dependency to 4.4.13

2020-01-14 Thread Julian Reschke (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015026#comment-17015026
 ] 

Julian Reschke commented on OAK-8856:
-

trunk: [r1872769|http://svn.apache.org/r1872769]

> Update httpcore dependency to 4.4.13
> 
>
> Key: OAK-8856
> URL: https://issues.apache.org/jira/browse/OAK-8856
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: parent
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Minor
>  Labels: candidate_oak_1_10
> Fix For: 1.24.0
>
>






[jira] [Created] (OAK-8856) Update httpcore dependency to 4.4.13

2020-01-14 Thread Julian Reschke (Jira)
Julian Reschke created OAK-8856:
---

 Summary: Update httpcore dependency to 4.4.13
 Key: OAK-8856
 URL: https://issues.apache.org/jira/browse/OAK-8856
 Project: Jackrabbit Oak
  Issue Type: Task
  Components: parent
Reporter: Julian Reschke
Assignee: Julian Reschke
 Fix For: 1.24.0








[jira] [Comment Edited] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015007#comment-17015007
 ] 

Kunal Shubham edited comment on OAK-8855 at 1/14/20 11:01 AM:
--

Please review and merge: 
[https://github.com/kunal3112/jackrabbit-oak/commit/abe9d8e289e829efd5d00d5a36a46de52bd8574a]

 Patch also attached.


was (Author: kunal3112):
Please review and merge: 
[https://github.com/kunal3112/jackrabbit-oak/commit/abe9d8e289e829efd5d00d5a36a46de52bd8574a]

 

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> ---
>
> Key: OAK-8855
> URL: https://issues.apache.org/jira/browse/OAK-8855
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: authorization-cug
>Reporter: Kunal Shubham
>Priority: Major
> Attachments: 0001-Fix-nestedcug-permission-issue.patch
>
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".





[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)


 [ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kunal Shubham updated OAK-8855:
---
Attachment: 0001-Fix-nestedcug-permission-issue.patch

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> ---
>
> Key: OAK-8855
> URL: https://issues.apache.org/jira/browse/OAK-8855
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: authorization-cug
>Reporter: Kunal Shubham
>Priority: Major
> Attachments: 0001-Fix-nestedcug-permission-issue.patch
>
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".





[jira] [Commented] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)


[ 
https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015007#comment-17015007
 ] 

Kunal Shubham commented on OAK-8855:


Please review and merge: 
[https://github.com/kunal3112/jackrabbit-oak/commit/abe9d8e289e829efd5d00d5a36a46de52bd8574a]

 

> Permission evaluation of nodes broken after :nestedCug removed from parent 
> node
> ---
>
> Key: OAK-8855
> URL: https://issues.apache.org/jira/browse/OAK-8855
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: authorization-cug
>Reporter: Kunal Shubham
>Priority: Major
>
> Steps to Reproduce:
>  # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
> tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
> user2.
>  # Apply CUG policy on /content/a.
>  ** Authorize user1 and user2 to read /content/a.
>  ** Authorize user1 to read /content/a/b1.
>  ** Authorize user2 to read /content/a/b2.
>  # Remove :nestedCugs property from /content/a/rep:cugPolicy.
>  # Create a content session, login with user2. Try to read /content/a/b1.
> *Observed behavior* : user2 is able to read /content/a/b1.
> *Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
> unauthorized to do so.
> Please note that :nestedCugs is removed by a mechanism which completely 
> overwrites content tree below "/content/a".





[jira] [Created] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node

2020-01-14 Thread Kunal Shubham (Jira)
Kunal Shubham created OAK-8855:
--

 Summary: Permission evaluation of nodes broken after :nestedCug 
removed from parent node
 Key: OAK-8855
 URL: https://issues.apache.org/jira/browse/OAK-8855
 Project: Jackrabbit Oak
  Issue Type: Bug
  Components: authorization-cug
Reporter: Kunal Shubham


Steps to Reproduce:
 # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content 
tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and 
user2.
 # Apply CUG policy on /content/a.
 ** Authorize user1 and user2 to read /content/a.
 ** Authorize user1 to read /content/a/b1.
 ** Authorize user2 to read /content/a/b2.
 # Remove :nestedCugs property from /content/a/rep:cugPolicy.
 # Create a content session, login with user2. Try to read /content/a/b1.

*Observed behavior* : user2 is able to read /content/a/b1.

*Expected behavior* : user2 should not be able to read /content/a/b1 as it is 
unauthorized to do so.

Please note that :nestedCugs is removed by a mechanism which completely 
overwrites content tree below "/content/a".


