jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-2937) ACL with glob restrictions does not work on '/'
Date Thu, 14 Apr 2011 16:29:06 GMT

    [ https://issues.apache.org/jira/browse/JCR-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019897#comment-13019897
] 

angela commented on JCR-2937:
-----------------------------

the properties get the permission inherited from the node unless there is a restriction matching
specifically. 
the jcr:read privilege currently is in our implementation not aggregated and thus does not
allow to distinguish between different types of items.

in other word: reading the node includes readability of it's property with the only exception
that the jackrabbit extensions are used and the read access is narrowed by a pattern that
only matches a subset of items (nodes or properties)

> ACL with glob restrictions does not work on '/'
> -----------------------------------------------
>
>                 Key: JCR-2937
>                 URL: https://issues.apache.org/jira/browse/JCR-2937
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Tobias Bocanegra
>            Assignee: angela
>
> i tried to define a ACL on '/' that would allow 'read' on '/' itself, but not for the
nodes underneath. i tried "*", "/*", "./*" but none of them seem to do the desired effect.
> eg:
> everyone,allow,jcr:read, '/'
> everyone,deny,jcr:read, '/', glob="/*"
> the same works for a non-root node.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message