[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] angela updated OAK-5931: Fix Version/s: (was: 1.8) > Inconsistent behaviour when removing nodes with rep:policy subnodes for > users without modify ACL permissions > - > > Key: OAK-5931 > URL: https://issues.apache.org/jira/browse/OAK-5931 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core >Affects Versions: 1.4.14, 1.6.1 >Reporter: Tom Blackford >Assignee: angela > Attachments: ACLTest.java > > > If a session (without rep:modifyAccessControl) removes a node with a > rep:policy subnode and then recreates it within the same save (without the > rep:policy subnode) the commit diff will mistake the action for the removal > of the ACL, which this session is not authorised to do. > If the session is saved prior to recreating the node, both saves (after > remove and after recreate) will succeed. > From discussion with angela: > {quote} > the diff mechanism used within Root.commit cannot distinguish between the > removal of a policy or the replace of the access controlled node with one > that doesn't have the policy set. within that diff it looks like the removal > of the policy node > {quote} -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] angela updated OAK-5931: Component/s: (was: security) core > Inconsistent behaviour when removing nodes with rep:policy subnodes for > users without modify ACL permissions > - > > Key: OAK-5931 > URL: https://issues.apache.org/jira/browse/OAK-5931 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core >Affects Versions: 1.4.14, 1.6.1 >Reporter: Tom Blackford > Fix For: 1.8 > > Attachments: ACLTest.java > > > If a session (without rep:modifyAccessControl) removes a node with a > rep:policy subnode and then recreates it within the same save (without the > rep:policy subnode) the commit diff will mistake the action for the removal > of the ACL, which this session is not authorised to do. > If the session is saved prior to recreating the node, both saves (after > remove and after recreate) will succeed. > From discussion with angela: > {quote} > the diff mechanism used within Root.commit cannot distinguish between the > removal of a policy or the replace of the access controlled node with one > that doesn't have the policy set. within that diff it looks like the removal > of the policy node > {quote} -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alexander Saar updated OAK-5931: Fix Version/s: 1.8 > Inconsistent behaviour when removing nodes with rep:policy subnodes for > users without modify ACL permissions > - > > Key: OAK-5931 > URL: https://issues.apache.org/jira/browse/OAK-5931 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.4.14, 1.6.1 >Reporter: Tom Blackford > Fix For: 1.8 > > Attachments: ACLTest.java > > > If a session (without rep:modifyAccessControl) removes a node with a > rep:policy subnode and then recreates it within the same save (without the > rep:policy subnode) the commit diff will mistake the action for the removal > of the ACL, which this session is not authorised to do. > If the session is saved prior to recreating the node, both saves (after > remove and after recreate) will succeed. > From discussion with angela: > {quote} > the diff mechanism used within Root.commit cannot distinguish between the > removal of a policy or the replace of the access controlled node with one > that doesn't have the policy set. within that diff it looks like the removal > of the policy node > {quote} -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[ https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tom Blackford updated OAK-5931: --- Attachment: ACLTest.java Adding test case showing the different behaviours. > Inconsistent behaviour when removing nodes with rep:policy subnodes for > users without modify ACL permissions > - > > Key: OAK-5931 > URL: https://issues.apache.org/jira/browse/OAK-5931 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.4.14, 1.6.1 >Reporter: Tom Blackford > Attachments: ACLTest.java > > > If a session (without rep:modifyAccessControl) removes a node with a > rep:policy subnode and then recreates it within the same save (without the > rep:policy subnode) the commit diff will mistake the action for the removal > of the ACL, which this session is not authorised to do. > If the session is saved prior to recreating the node, both saves (after > remove and after recreate) will succeed. > From discussion with angela: > {quote} > the diff mechanism used within Root.commit cannot distinguish between the > removal of a policy or the replace of the access controlled node with one > that doesn't have the policy set. within that diff it looks like the removal > of the policy node > {quote} -- This message was sent by Atlassian JIRA (v6.3.15#6346)