jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OAK-8000) AccessControlManagerImpl.getEffectivePolicies(String) doesn't respect restrictions
Date Wed, 23 Jan 2019 07:57:00 GMT
angela created OAK-8000:

             Summary: AccessControlManagerImpl.getEffectivePolicies(String) doesn't respect
                 Key: OAK-8000
                 URL: https://issues.apache.org/jira/browse/OAK-8000
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: core, security
            Reporter: angela
            Assignee: angela

[~stillalex], looking at the implementation of {{AccessControlManagerImpl.getEffectivePolicies(String)}}
I noticed that the implementation only walks up the hierarchy collection the access control
lists but does not evaluated whether the individual entries actually take effect on the tree
defined by the 'absPath' param. While this is always true for entries without restrictions,
it doesn't necessarily apply for entries that hold restrictions.

The easiest way to fix this was probably to call the variant of {{createACL}} that takes a
{{Predicate}} and use that one to read and evaluate the restriction pattern present with each
entry tree. 

Since the {{AccessControlManager.getEffectivePolicies}} is defined to be best-effort, I don't
consider this a serious flaw. But for the sake of improved accuracy it might still be worth
addressing. wdyt?

This message was sent by Atlassian JIRA

View raw message