[
https://issues.apache.org/jira/browse/JCRVLT-94?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14567505#comment-14567505
]
Tobias Bocanegra commented on JCRVLT-94:
----------------------------------------
the API docs explain it quite nice:
http://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
{noformat}
Content ACL:
everyone, deny, jcr:all
bob, allow, jcr:read
bob, allow, jcr:write
Package ACL:
bob, deny, jcr:all
alice, allow, jcr:read
Result ACL:
everyone, deny, jcr:all
bob, deny, jcr:all
alice, allow, jcr:read
{noformat}
so you are saying that if bob has: allow jcr:verisonManagement, it will be
added to the other permissions and not replaced? ie:
{noformat}
Content ACL:
everyone, deny, jcr:all
bob, allow, jcr:read
bob, allow, jcr:write
Package ACL:
bob, allow, jcr:versionManagement
alice, allow, jcr:read
Result ACL:
everyone, deny, jcr:all
bob, allow, jcr:read
bob, allow, jcr:write
bob, allow, jcr:versionManagement
alice, allow, jcr:read
{noformat}
Can you please provide 2 test packages: 1 for creating the initial test
content, and 1 that shows the erratic behavior?
> [AccessControlHandling] Unexpected behavior of acHandling 'merge'
> -----------------------------------------------------------------
>
> Key: JCRVLT-94
> URL: https://issues.apache.org/jira/browse/JCRVLT-94
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: vlt
> Affects Versions: 3.1.22
> Reporter: Anshika Agarwal
> Fix For: 3.1.22
>
>
> As per the document [0], the AccessControlHandling for 'merge' should be
> merging access control provided with the package with the one in the content
> by replacing the access control entries of corresponding principals (i.e.
> package first).
> This means if the package contains ACEs for a principal P, it should remove
> all the ACEs for that principal in the content and add the ones in the
> package.
> However, I am not seeing this expected behavior. The behavior I am seeing is
> as follows:
> ‘merge’ - Merges access control in the content with the one provided with the
> package by adding the access control entries of principals not present in the
> content but not removing the ones not present in the package.
> So for instance ACLs “jcr:read,jcr:versionManagement,rep:write” to
> forms-users exists in CRX at ‘/content/apps/cm’. And now if we change the
> ACLs for the same user/group and path to “rep:write,crx:replicate” and
> install our package, a union of ACLs is seen i.e.
> “jcr:read,jcr:versionManagement,rep:write,crx:replicate” to forms-users at
> ‘/content/apps/cm’.
> [0] :
> https://docs.adobe.com/docs/en/aem/6-0/develop/ref/javadoc/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
