[jira] [Commented] (JCR-3923) Repository root doesn't respect rep:glob

Thu, 01 Feb 2018 07:54:37 -0800 

    [ 
https://issues.apache.org/jira/browse/JCR-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348787#comment-16348787
 ] 

Julian Reschke commented on JCR-3923:
-------------------------------------

I don't know this part of the code well enough to understand whether this is by 
design or not ([~anchela]?).

That said, this is not code shared with Oak, but I see that Oak has a similar 
class in 
https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java

> Repository root doesn't respect rep:glob
> ----------------------------------------
>
>                 Key: JCR-3923
>                 URL: https://issues.apache.org/jira/browse/JCR-3923
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>            Reporter: Kamil
>            Priority: Major
>
> I have following node structure:
> {noformat}
> /test
> /test/child
> /foo
> {noformat}
> When I set Principal based privileges to some user as:
> {noformat}
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/test", PropertyType.PATH));
> restrictions.put("rep:glob",  vf.createValue(""));
>               
> jacl.addEntry(principal, privileges, allow, restrictions);
>               
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> where according to this documentation 
> http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html
>  empty string means "matches /foo only", user can see only:
> {noformat}
> /test
> {noformat}
> without a child, which is correct. But when I set:
> {noformat}
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH));
> restrictions.put("rep:glob",  vf.createValue(""));
>               
> jacl.addEntry(principal, privileges, allow, restrictions);
>               
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> then user can see all descendants of root:
> {noformat}
> /test
> /test/child
> /foo
> {noformat}
> which is not correct



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to