[jira] [Assigned] (OAK-2933) AccessDenied when modifying transiently moved item with too many ACEs
[
https://issues.apache.org/jira/browse/OAK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela reassigned OAK-2933:
---
Assignee: angela
> AccessDenied when modifying transiently moved item with too many ACEs
> -
>
> Key: OAK-2933
> URL: https://issues.apache.org/jira/browse/OAK-2933
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.0.13
>Reporter: Tobias Bocanegra
>Assignee: angela
>
> If at least the following preconditions are fulfilled, saving a moved item
> fails with access denied:
> 1. there are more PermissionEntries in the PermissionEntryCache than the
> configured EagerCacheSize
> 2. an node is moved to a location where the user has write access through a
> group membership
> 3. a property is added to the transiently moved item
> For example:
> 1. set the *eagerCacheSize* to '0'
> 2. create new group *testgroup* and user *testuser*
> 3. make *testuser* member of *testgroup*
> 4. create nodes {{/testroot/a}} and {{/testroot/a/b}} and {{/testroot/a/c}}
> 5. allow *testgroup* {{rep:write}} on {{/testroot/a}}
> 6. as *testuser* create {{/testroot/a/b/item}} (to verify that the user has
> write access)
> 7. as *testuser* move {{/testroot/a/b/item}} to {{/testroot/a/c/item}}
> 8. {{save()}} -> works
> 9. as *testuser* move {{/testroot/a/c/item}} back to {{/testroot/a/b/item}}
> AND add new property to the transient {{/testroot/a/b/item}}
> 10. {{save()}} -> access denied
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Assigned] (OAK-2933) AccessDenied when modifying transiently moved item with too many ACEs
[
https://issues.apache.org/jira/browse/OAK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tobias Bocanegra reassigned OAK-2933:
-
Assignee: Tobias Bocanegra
> AccessDenied when modifying transiently moved item with too many ACEs
> -
>
> Key: OAK-2933
> URL: https://issues.apache.org/jira/browse/OAK-2933
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.0.13
>Reporter: Tobias Bocanegra
>Assignee: Tobias Bocanegra
>
> If at least the following preconditions are fulfilled, saving a moved item
> fails with access denied:
> 1. there are more PermissionEntries in the PermissionEntryCache than the
> configured EagerCacheSize
> 2. an node is moved to a location where the user has write access through a
> group membership
> 3. a property is added to the transiently moved item
> For example:
> 1. set the *eagerCacheSize* to '0'
> 2. create new group *testgroup* and user *testuser*
> 3. make *testuser* member of *testgroup*
> 4. create nodes {{/testroot/a}} and {{/testroot/a/b}} and {{/testroot/a/c}}
> 5. allow *testgroup* {{rep:write}} on {{/testroot/a}}
> 6. as *testuser* create {{/testroot/a/b/item}} (to verify that the user has
> write access)
> 7. as *testuser* move {{/testroot/a/b/item}} to {{/testroot/a/c/item}}
> 8. {{save()}} -> works
> 9. as *testuser* move {{/testroot/a/c/item}} back to {{/testroot/a/b/item}}
> AND add new property to the transient {{/testroot/a/b/item}}
> 10. {{save()}} -> access denied
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
