jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2386) wrong eval order of access control entries within a single node (node-based ac)
Date Thu, 05 Nov 2009 21:57:32 GMT
wrong eval order of access control entries within a single node (node-based ac)
-------------------------------------------------------------------------------

                 Key: JCR-2386
                 URL: https://issues.apache.org/jira/browse/JCR-2386
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
            Reporter: angela
            Assignee: angela


it seems to me that with the node-based access control the ac entries within a given node
are currently collected in the wrong order.
if i remember correctly this worked before and i removed at some point (for reasons i don't
recall exactly but have the vague idea that it
was related to the allow-only for groups).

anyway:
while playing around with the permission in our CRX recently i found, that the evaluation
of the following setup didn't work as I would
have expected:

- user A is member of group B and C
- for both groups an ACE exists on a given node /a/b/c
- the acl looks like  { deny for B, allow for C }

I would have expected that the allow for C would have reverted the previous deny for B since
- in the GUI - I read the ace eval order from first entry to last entry... in the order I
added them.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message