[
https://issues.apache.org/jira/browse/JCR-2646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela resolved JCR-2646.
-------------------------
Resolution: Fixed
> AccessControlManager#getEffectivePolicies(String) may expose AC content
> without proper permissions
> --------------------------------------------------------------------------------------------------
>
> Key: JCR-2646
> URL: https://issues.apache.org/jira/browse/JCR-2646
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Affects Versions: 2.0.0, 2.1.0
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 2.2.0
>
>
> The implementation of AccessControlManager#getEffectivePolicies(String) in
> the DefaultAccessManager only checks if the session is allowed
> to read AC content at the specified path. However the result may also include
> policies effective at absPath that should not be visible to the editing
> session (read_AC permissions denied e.g. at an ancestor node) and could not
> be read by the editing session be means of #getPolicies().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
