[jira] [Assigned] (OAK-2933) AccessDenied when modifying transiently moved item with too many ACEs
[ https://issues.apache.org/jira/browse/OAK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] angela reassigned OAK-2933: --- Assignee: angela > AccessDenied when modifying transiently moved item with too many ACEs > - > > Key: OAK-2933 > URL: https://issues.apache.org/jira/browse/OAK-2933 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.0.13 >Reporter: Tobias Bocanegra >Assignee: angela > > If at least the following preconditions are fulfilled, saving a moved item > fails with access denied: > 1. there are more PermissionEntries in the PermissionEntryCache than the > configured EagerCacheSize > 2. an node is moved to a location where the user has write access through a > group membership > 3. a property is added to the transiently moved item > For example: > 1. set the *eagerCacheSize* to '0' > 2. create new group *testgroup* and user *testuser* > 3. make *testuser* member of *testgroup* > 4. create nodes {{/testroot/a}} and {{/testroot/a/b}} and {{/testroot/a/c}} > 5. allow *testgroup* {{rep:write}} on {{/testroot/a}} > 6. as *testuser* create {{/testroot/a/b/item}} (to verify that the user has > write access) > 7. as *testuser* move {{/testroot/a/b/item}} to {{/testroot/a/c/item}} > 8. {{save()}} -> works > 9. as *testuser* move {{/testroot/a/c/item}} back to {{/testroot/a/b/item}} > AND add new property to the transient {{/testroot/a/b/item}} > 10. {{save()}} -> access denied -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (OAK-2933) AccessDenied when modifying transiently moved item with too many ACEs
[ https://issues.apache.org/jira/browse/OAK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tobias Bocanegra reassigned OAK-2933: - Assignee: Tobias Bocanegra > AccessDenied when modifying transiently moved item with too many ACEs > - > > Key: OAK-2933 > URL: https://issues.apache.org/jira/browse/OAK-2933 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.0.13 >Reporter: Tobias Bocanegra >Assignee: Tobias Bocanegra > > If at least the following preconditions are fulfilled, saving a moved item > fails with access denied: > 1. there are more PermissionEntries in the PermissionEntryCache than the > configured EagerCacheSize > 2. an node is moved to a location where the user has write access through a > group membership > 3. a property is added to the transiently moved item > For example: > 1. set the *eagerCacheSize* to '0' > 2. create new group *testgroup* and user *testuser* > 3. make *testuser* member of *testgroup* > 4. create nodes {{/testroot/a}} and {{/testroot/a/b}} and {{/testroot/a/c}} > 5. allow *testgroup* {{rep:write}} on {{/testroot/a}} > 6. as *testuser* create {{/testroot/a/b/item}} (to verify that the user has > write access) > 7. as *testuser* move {{/testroot/a/b/item}} to {{/testroot/a/c/item}} > 8. {{save()}} -> works > 9. as *testuser* move {{/testroot/a/c/item}} back to {{/testroot/a/b/item}} > AND add new property to the transient {{/testroot/a/b/item}} > 10. {{save()}} -> access denied -- This message was sent by Atlassian JIRA (v6.3.4#6332)