jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCRVLT-292) Order of ACLs are altered on installation of content packages
Date Wed, 30 May 2018 11:40:00 GMT

    [ https://issues.apache.org/jira/browse/JCRVLT-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16495053#comment-16495053
] 

angela commented on JCRVLT-292:
-------------------------------

[~stillalex], thanks a lot for the review, very much appreciated. maybe i can get rid of the
{{LinkedHashMap}} altogether.... also in think the principal lookup can be dropped as it anyway
falls back to a innerclass principal in case it's not known to the {{PrincipalManager}}. ultimately
the access control management implementation is in charge of validating and potentially rejecting
invalid/unknown principals. will attach an updated patch as soon as i managed to incorporate
the feedback and my conclusions.

> Order of ACLs are altered on installation of content packages
> -------------------------------------------------------------
>
>                 Key: JCRVLT-292
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-292
>             Project: Jackrabbit FileVault
>          Issue Type: Bug
>          Components: Packaging
>            Reporter: angela
>            Priority: Major
>         Attachments: JCRVLT-292.patch
>
>
> When installing a content package with AccessControlHandling _overwrite_ access control
entries contained in a given list are grouped by principal and ultimately imported with a
different order that originally defined in the package.
> This alters the effective permissions for those {{Subject}}s that contain the principals
for which the ACEs got imported.
> Example:
> 1. grant group1 read at /testroot
> 2. deny group2 read at specific subset of items within the tree defined by /testroot
> 3. grant group1 read/write at  specific subset of items within the tree defined by /testroot
> The ACL resulting from the package import will contain the entries in the following order:
1, 3, 2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message