[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[
https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela updated OAK-5931:
Fix Version/s: (was: 1.8)
> Inconsistent behaviour when removing nodes with rep:policy subnodes for
> users without modify ACL permissions
> -
>
> Key: OAK-5931
> URL: https://issues.apache.org/jira/browse/OAK-5931
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
>Affects Versions: 1.4.14, 1.6.1
>Reporter: Tom Blackford
>Assignee: angela
> Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a
> rep:policy subnode and then recreates it within the same save (without the
> rep:policy subnode) the commit diff will mistake the action for the removal
> of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after
> remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the
> removal of a policy or the replace of the access controlled node with one
> that doesn't have the policy set. within that diff it looks like the removal
> of the policy node
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[
https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela updated OAK-5931:
Component/s: (was: security)
core
> Inconsistent behaviour when removing nodes with rep:policy subnodes for
> users without modify ACL permissions
> -
>
> Key: OAK-5931
> URL: https://issues.apache.org/jira/browse/OAK-5931
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
>Affects Versions: 1.4.14, 1.6.1
>Reporter: Tom Blackford
> Fix For: 1.8
>
> Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a
> rep:policy subnode and then recreates it within the same save (without the
> rep:policy subnode) the commit diff will mistake the action for the removal
> of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after
> remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the
> removal of a policy or the replace of the access controlled node with one
> that doesn't have the policy set. within that diff it looks like the removal
> of the policy node
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[
https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Saar updated OAK-5931:
Fix Version/s: 1.8
> Inconsistent behaviour when removing nodes with rep:policy subnodes for
> users without modify ACL permissions
> -
>
> Key: OAK-5931
> URL: https://issues.apache.org/jira/browse/OAK-5931
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.4.14, 1.6.1
>Reporter: Tom Blackford
> Fix For: 1.8
>
> Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a
> rep:policy subnode and then recreates it within the same save (without the
> rep:policy subnode) the commit diff will mistake the action for the removal
> of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after
> remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the
> removal of a policy or the replace of the access controlled node with one
> that doesn't have the policy set. within that diff it looks like the removal
> of the policy node
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (OAK-5931) Inconsistent behaviour when removing nodes with rep:policy subnodes for users without modify ACL permissions
[
https://issues.apache.org/jira/browse/OAK-5931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tom Blackford updated OAK-5931:
---
Attachment: ACLTest.java
Adding test case showing the different behaviours.
> Inconsistent behaviour when removing nodes with rep:policy subnodes for
> users without modify ACL permissions
> -
>
> Key: OAK-5931
> URL: https://issues.apache.org/jira/browse/OAK-5931
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.4.14, 1.6.1
>Reporter: Tom Blackford
> Attachments: ACLTest.java
>
>
> If a session (without rep:modifyAccessControl) removes a node with a
> rep:policy subnode and then recreates it within the same save (without the
> rep:policy subnode) the commit diff will mistake the action for the removal
> of the ACL, which this session is not authorised to do.
> If the session is saved prior to recreating the node, both saves (after
> remove and after recreate) will succeed.
> From discussion with angela:
> {quote}
> the diff mechanism used within Root.commit cannot distinguish between the
> removal of a policy or the replace of the access controlled node with one
> that doesn't have the policy set. within that diff it looks like the removal
> of the policy node
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
