jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Heath (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JCR-3758) Adding 'deny' entry for Everyone principal to a subnode does not deny access to that node for principals defined on parent nodes
Date Mon, 24 Mar 2014 17:44:43 GMT
Dave Heath created JCR-3758:
-------------------------------

             Summary: Adding 'deny' entry for Everyone principal to a subnode does not deny
access to that node for principals defined on parent nodes
                 Key: JCR-3758
                 URL: https://issues.apache.org/jira/browse/JCR-3758
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
            Reporter: Dave Heath


If I wanted to have a user principal with access to an nt:folder node /a1 but no access to
the subnode at /a1/a2, I should be able to grant access to that user principal on /a1 with
Privilege.JCR_ALL and then call AccessControlUtils.denyAllToEveryone on /a1/a2. However, granting
access on /a1 grants access to all subnodes of /a1 unless access is explicitly denied for
that particular user principal. Denying access to Everyone is only effective if the Everyone
principal is the means by which the user is granted access.

See the attached test case for an example of this behavior.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message