[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke updated OAK-8855: Labels: (was: candidate_oak_1_22) > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Fix For: 1.26.0, 1.8.21, 1.22.1 > > Attachments: OAK-8855.patch, OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Angela Schreiber updated OAK-8855: -- Fix Version/s: 1.8.21 > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Fix For: 1.26.0, 1.10.9, 1.8.21, 1.22.1 > > Attachments: OAK-8855.patch, OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Angela Schreiber updated OAK-8855: -- Fix Version/s: 1.10.9 > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Fix For: 1.26.0, 1.10.9, 1.22.1 > > Attachments: OAK-8855.patch, OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Angela Schreiber updated OAK-8855: -- Fix Version/s: 1.22.1 > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Fix For: 1.26.0, 1.22.1 > > Attachments: OAK-8855.patch, OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kunal Shubham updated OAK-8855: --- Attachment: (was: 0001-Fix-nestedcug-permission-issue.patch) > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Attachments: OAK-8855.patch, OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kunal Shubham updated OAK-8855: --- Attachment: OAK-8855.patch > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch, > OAK-8855.patch, OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kunal Shubham updated OAK-8855: --- Attachment: (was: diff.patch) > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Angela Schreiber >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch, > OAK-8855_backport.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kunal Shubham updated OAK-8855: --- Attachment: OAK-8855_backport.patch > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Andrei Dulceanu >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch, > OAK-8855_backport.patch, diff.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kunal Shubham updated OAK-8855: --- Attachment: diff.patch > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Andrei Dulceanu >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch, diff.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrei Dulceanu updated OAK-8855: - Affects Version/s: (was: 1.6.19) 1.8.7 > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.8.7 >Reporter: Kunal Shubham >Assignee: Andrei Dulceanu >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrei Dulceanu updated OAK-8855: - Affects Version/s: 1.6.19 > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Affects Versions: 1.6.19 >Reporter: Kunal Shubham >Assignee: Andrei Dulceanu >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OAK-8855) Permission evaluation of nodes broken after :nestedCug removed from parent node
[ https://issues.apache.org/jira/browse/OAK-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kunal Shubham updated OAK-8855: --- Attachment: 0001-Fix-nestedcug-permission-issue.patch > Permission evaluation of nodes broken after :nestedCug removed from parent > node > --- > > Key: OAK-8855 > URL: https://issues.apache.org/jira/browse/OAK-8855 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug >Reporter: Kunal Shubham >Priority: Major > Attachments: 0001-Fix-nestedcug-permission-issue.patch > > > Steps to Reproduce: > # Create a node 'a' which has two children nodes 'b1' and 'b2'. The content > tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and > user2. > # Apply CUG policy on /content/a. > ** Authorize user1 and user2 to read /content/a. > ** Authorize user1 to read /content/a/b1. > ** Authorize user2 to read /content/a/b2. > # Remove :nestedCugs property from /content/a/rep:cugPolicy. > # Create a content session, login with user2. Try to read /content/a/b1. > *Observed behavior* : user2 is able to read /content/a/b1. > *Expected behavior* : user2 should not be able to read /content/a/b1 as it is > unauthorized to do so. > Please note that :nestedCugs is removed by a mechanism which completely > overwrites content tree below "/content/a". -- This message was sent by Atlassian Jira (v8.3.4#803005)