jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mat Lowery <mlow...@pentaho.com>
Subject org.apache.jackrabbit.core.security.authorization.acl.EntryCollector bug?
Date Fri, 16 Mar 2012 14:55:44 GMT
EntryCollector.java from Jackrabbit 2.4.0:

144        } else {
145            filterEntries(filter, getEntries(node).getACEs(), 
userAces, groupAces);
146            NodeId next = node.getParentId();
147            while (next != null) {
148                Entries entries = getEntries(next);
149                filterEntries(filter, entries.getACEs(), userAces, 
groupAces);
150                next = entries.getNextId();
151            }
152        }

The problem I see here (and I only found it because I overrode 
getEntries()) is line 146. I think the line should be:

146            NodeId next = entries.getNextId()

To be clear, there is no problem with the released code's behavior 
because node.getParentId() and entries.getNextId() return the same 
thing. But it is a potential issue since Entries has a nextId that is 
not consulted.

EntryCollector.java with recommended change:

144        } else {
145            Entries entries = getEntries(node); // inserted
146            filterEntries(filter, entries.getACEs(), userAces, 
groupAces); // changed
147            NodeId next = entries.getNextId(); // changed
148            while (next != null) {
149                entries = getEntries(next);
150                filterEntries(filter, entries.getACEs(), userAces, 
groupAces);
151                next = entries.getNextId();
152            }
153        }

Can anyone confirm my thinking?

Thanks!

Mime
View raw message