Dave Heath created JCR-3758:
-------------------------------
Summary: Adding 'deny' entry for Everyone principal to a subnode
does not deny access to that node for principals defined on parent nodes
Key: JCR-3758
URL: https://issues.apache.org/jira/browse/JCR-3758
Project: Jackrabbit Content Repository
Issue Type: Bug
Components: jackrabbit-core
Reporter: Dave Heath
If I wanted to have a user principal with access to an nt:folder node /a1 but
no access to the subnode at /a1/a2, I should be able to grant access to that
user principal on /a1 with Privilege.JCR_ALL and then call
AccessControlUtils.denyAllToEveryone on /a1/a2. However, granting access on /a1
grants access to all subnodes of /a1 unless access is explicitly denied for
that particular user principal. Denying access to Everyone is only effective if
the Everyone principal is the means by which the user is granted access.
See the attached test case for an example of this behavior.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
