[
https://issues.apache.org/jira/browse/JCR-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019905#comment-13019905
]
Tobias Bocanegra commented on JCR-2937:
---------------------------------------
does this mean: "everyone" deny jcr:all read "/*", denies read to properties
of / ?
if yes, wouldn't it be better to clearly distinct properties from subnodes in
the patterns? eg:
allow jcr:read glob = /jcr:* (allow all sub nodes start with jcr:*)
deny jcr:read glob = /@jcr:* (deny all properties start with jcr:*)
in general, maybe a (simplified) xpath expression would be better suitable to
define a set of items instead of globbing patterns.
> ACL with glob restrictions does not work on '/'
> -----------------------------------------------
>
> Key: JCR-2937
> URL: https://issues.apache.org/jira/browse/JCR-2937
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: security
> Affects Versions: 2.3.0
> Reporter: Tobias Bocanegra
> Assignee: angela
>
> i tried to define a ACL on '/' that would allow 'read' on '/' itself, but not
> for the nodes underneath. i tried "*", "/*", "./*" but none of them seem to
> do the desired effect.
> eg:
> everyone,allow,jcr:read, '/'
> everyone,deny,jcr:read, '/', glob="/*"
> the same works for a non-root node.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
