[jira] [Commented] (OAK-6015) ACL of versioned node can be modified without checking in the node
[ https://issues.apache.org/jira/browse/OAK-6015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15953206#comment-15953206 ]

Marco Piovesana commented on OAK-6015:
--------------------------------------

Yes I'm sorry, I wrote checkin instead of checkout. I'm updating title and description right away.
Marco.

> ACL of versioned node can be modified without checking in the node
> -------------------------------------------------------------------
>
>                 Key: OAK-6015
>                 URL: https://issues.apache.org/jira/browse/OAK-6015
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.6.0
>            Reporter: Marco Piovesana
>
> On a versioned node _nodeA_ I can do:
> {{AccessControlUtils.clear(nodeA, userPrincipal)}}
> without having to checkin the node.
> After saving the session I tried to login as _userPrincipal_ and I couldn't
> find _nodeA_, so it seems that the clear operation did work even if the node
> was checked-out.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Commented] (OAK-6015) ACL of versioned node can be modified without checking in the node
[ https://issues.apache.org/jira/browse/OAK-6015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15953109#comment-15953109 ]

angela commented on OAK-6015:
-----------------------------

[~iosonomarco], the subject/description is confusing... don't you mean to say that the node is checked-in and it still works? so, 'without checking _out_ the node'?

if the node is checked out writing is possible in the first place... it's only the checked-in state that should be read only. please clarify.
[jira] [Commented] (OAK-6015) ACL of versioned node can be modified without checking in the node
[ https://issues.apache.org/jira/browse/OAK-6015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15953102#comment-15953102 ]

Marco Piovesana commented on OAK-6015:
--------------------------------------

Sure, in the test I first grant to "testUser" some privileges and then I try to clear them without checking out the node:

{code:title=ACLErrorTest.java|borderStyle=solid}
@Test(expected = VersionException.class)
public void shouldFailWhenTryingToChangeNodeSharestOnCheckedOutNode()
        throws IOException, RepositoryException, InvalidFileStoreVersionException {
    // File-backed segment store and blob store under /tmp/oakTest/oakrepo
    File driveFile = new File("/tmp/oakTest", "oakrepo");
    File repositoryFile = new File(driveFile, "repository");
    File dataStoreFile = new File(driveFile, "datastore");
    BlobStore blobStore = new FileBlobStore(dataStoreFile.getAbsolutePath());
    FileStore fileStore = FileStoreBuilder.fileStoreBuilder(repositoryFile).withBlobStore(blobStore).build();
    SegmentNodeStore segmentNodeStore = SegmentNodeStoreBuilders.builder(fileStore).build();
    Jcr jcr = new Jcr(segmentNodeStore).with(new InitialContent()).with(new SecurityProviderImpl());
    Repository repository = jcr.createRepository();

    // Create the test user as admin
    Session session = repository.login(ADMIN_CREDENTIALS);
    User user = ((JackrabbitSession) session).getUserManager()
            .createUser("testUser", "testUser", new PrincipalImpl("testUser"), null);
    session.save();

    // Create a versionable folder
    VersionManager versionManager = session.getWorkspace().getVersionManager();
    Node testFolder = JcrUtils.getOrAddNode(session.getRootNode(), "myfile", JcrConstants.NT_FOLDER);
    testFolder.addMixin(JcrConstants.MIX_VERSIONABLE);
    session.save();
    versionManager.checkout(testFolder.getPath());
    versionManager.checkin(testFolder.getPath());

    // Grant jcr:all to testUser while the node is checked out, then check it in
    versionManager.checkout(testFolder.getPath());
    AccessControlUtils.addAccessControlEntry(testFolder.getSession(), testFolder.getPath(),
            user.getPrincipal(), new String[]{Privilege.JCR_ALL}, true);
    session.save();
    versionManager.checkin(testFolder.getPath());

    // The node is not checked out again before the ACL is cleared
    AccessControlUtils.clear(testFolder, user.getPrincipal().getName());
    session.save();

    session.logout();
    fileStore.close();
    ((JackrabbitRepository) repository).shutdown();
}
{code}
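A caller-side guard for the behaviour discussed in this thread, as an added example that is not part of the original messages or of Oak's own code: it refuses to clear ACL entries unless the node is checked out. The class name `CheckedOutAclGuard` and its methods are hypothetical; only `AccessControlUtils.clear` and the JCR `VersionManager` API are existing calls.

```java
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.version.VersionException;
import javax.jcr.version.VersionManager;

import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

/** Hypothetical helper (not part of Oak): refuse ACL edits on checked-in nodes. */
public final class CheckedOutAclGuard {

    private CheckedOutAclGuard() {
    }

    /**
     * Throws VersionException when the node is in the checked-in state.
     * VersionManager.isCheckedOut also returns false for a non-versionable
     * node whose nearest versionable ancestor is checked in.
     */
    static void requireCheckedOut(Node node) throws RepositoryException {
        VersionManager vm = node.getSession().getWorkspace().getVersionManager();
        String path = node.getPath();
        if (!vm.isCheckedOut(path)) {
            throw new VersionException("Refusing ACL change, node is checked in: " + path);
        }
    }

    /** Clears the principal's ACL entries on the node, but only if it is checked out. */
    public static void clear(Node node, String principalName) throws RepositoryException {
        requireCheckedOut(node);
        AccessControlUtils.clear(node, principalName);
        // Saving the session is left to the caller, as in the test above.
    }
}
```

Called in place of `AccessControlUtils.clear(testFolder, ...)` in the test above, the guard raises the `VersionException` that the test expects, before any ACL entry is touched.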
[jira] [Commented] (OAK-6015) ACL of versioned node can be modified without checking in the node
[ https://issues.apache.org/jira/browse/OAK-6015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15953089#comment-15953089 ]

Marcel Reutegger commented on OAK-6015:
---------------------------------------

Can you please attach a test that reproduces the issue?