[
https://issues.apache.org/jira/browse/JCRVLT-94?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anshika Agarwal updated JCRVLT-94:
----------------------------------
Description:
As per the document [0], the AccessControlHandling for 'merge' should be
merging access control provided with the package with the one in the content by
replacing the access control entries of corresponding principals (i.e. package
first).
This means if the package contains ACEs for a principal P, it should remove
all the ACEs for that principal in the content and add the ones in the package.
However, I am not seeing this expected behavior. The behavior I am seeing is as
follows:
‘merge’ - Merges access control in the content with the one provided with the
package by adding the access control entries of principals not present in the
content but not removing the ones not present in the package.
So, for instance, ACLs “jcr:read,jcr:versionManagement,rep:write” to forms-users
exist in CRX at ‘/content/apps/cm’. Now, if we change the ACLs for the same
user/group and path to “rep:write,crx:replicate” and install our package, a
union of ACLs is seen, i.e.
“jcr:read,jcr:versionManagement,rep:write,crx:replicate” to forms-users at
‘/content/apps/cm’.
[0] :
https://docs.adobe.com/docs/en/aem/6-0/develop/ref/javadoc/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html
was:
As per the document [0], the AccessControlHandling for 'merge' should be
merging access control provided with the package with the one in the content by
replacing the access control entries of corresponding principals (i.e. package
first).
This means if the package contains ACEs for a principal P, it should remove
all the ACEs for that principal in the content and add the ones in the package.
However, I am not seeing this expected behavior. The behavior I am seeing is as
follows:
- ‘merge’ - Merges access control in the content with the one provided
with the package by adding the access control entries of principals not present
in the content but not removing the ones not present in the package.
For instance ACLs “jcr:read,jcr:versionManagement,rep:write” to forms-users
exists in CRX at ‘/content/apps/cm’. And now if we change the ACLs for the same
user/group and path to “rep:write,crx:replicate” and install our package, a
union of ACLs is seen i.e.
“jcr:read,jcr:versionManagement,rep:write,crx:replicate” to forms-users at
‘/content/apps/cm’.
> [AccessControlHandling] Unexpected behavior of acHandling 'merge'
> -----------------------------------------------------------------
>
> Key: JCRVLT-94
> URL: https://issues.apache.org/jira/browse/JCRVLT-94
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: vlt
> Affects Versions: 3.1.22
> Reporter: Anshika Agarwal
> Fix For: 3.1.22
>
>
> As per the document [0], the AccessControlHandling for 'merge' should be
> merging access control provided with the package with the one in the content
> by replacing the access control entries of corresponding principals (i.e.
> package first).
> This means if the package contains ACEs for a principal P, it should remove
> all the ACEs for that principal in the content and add the ones in the
> package.
> However, I am not seeing this expected behavior. The behavior I am seeing is
> as follows:
> ‘merge’ - Merges access control in the content with the one provided with the
> package by adding the access control entries of principals not present in the
> content but not removing the ones not present in the package.
> So, for instance, ACLs “jcr:read,jcr:versionManagement,rep:write” to
> forms-users exist in CRX at ‘/content/apps/cm’. Now, if we change the
> ACLs for the same user/group and path to “rep:write,crx:replicate” and
> install our package, a union of ACLs is seen, i.e.
> “jcr:read,jcr:versionManagement,rep:write,crx:replicate” to forms-users at
> ‘/content/apps/cm’.
> [0] :
> https://docs.adobe.com/docs/en/aem/6-0/develop/ref/javadoc/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html
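The difference between the documented and the observed 'merge' result for the forms-users case above, as an added example that is not part of the original report or of FileVault's code. It assumes a simplified model (allow-only ACEs at one path, no restrictions or ordering); the function names and the `other-group` principal are hypothetical.

```python
# Constructed model, not FileVault code: one path's ACL as {principal: set of privileges}.
# Assumption: allow-only ACEs, no restrictions, no ordering.

def merge_documented(content, package):
    """'merge' as the javadoc cited in the report describes it: the package's
    ACEs replace the content's ACEs for each principal the package names."""
    result = {p: set(privs) for p, privs in content.items()}
    for principal, privs in package.items():
        result[principal] = set(privs)
    return result

def merge_observed(content, package):
    """Behaviour the reporter sees: package ACEs are added, nothing is removed."""
    result = {p: set(privs) for p, privs in content.items()}
    for principal, privs in package.items():
        result.setdefault(principal, set()).update(privs)
    return result

def retained_privileges(package, effective):
    """Hypothetical post-install check: privileges a package-managed principal
    still holds although the package no longer grants them."""
    findings = {}
    for principal, privs in package.items():
        extra = effective.get(principal, set()) - set(privs)
        if extra:
            findings[principal] = sorted(extra)
    return findings

# Values from the report for /content/apps/cm; "other-group" is constructed.
CONTENT = {
    "forms-users": {"jcr:read", "jcr:versionManagement", "rep:write"},
    "other-group": {"jcr:read"},
}
PACKAGE = {"forms-users": {"rep:write", "crx:replicate"}}

if __name__ == "__main__":
    for name, merge in (("documented", merge_documented), ("observed", merge_observed)):
        effective = merge(CONTENT, PACKAGE)
        print(name, sorted(effective["forms-users"]), retained_privileges(PACKAGE, effective))
```

A non-empty result from `retained_privileges` after a package install means a revocation shipped in the package did not take effect for that principal.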