[
https://issues.apache.org/jira/browse/JCR-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348902#comment-16348902
]
Konrad Windszus edited comment on JCR-3923 at 2/1/18 5:00 PM:
--------------------------------------------------------------
[~anchela] Thanks a lot for your hints. In our case it seems indeed like we are
using a {{rep:glob}} with a leading "/". Could you reference some documentation
which states how the rep:glob is exactly taken into consideration (which makes
it obvious that the rep:glob should never start with a "/")? The examples at
https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html#Examples
are not clear enough. Maybe that could be extended with an example for the
root node.
was (Author: kwin):
[~anchela] Thanks a lot for your hints. In our case it seems indeed like we are
using a {{rep:glob}} with a leading "/". Could you reference some documentation
which states how the rep:glob is exactly taken into consideration (which makes
it obvious that the rep:glob should never start with a "/")?
> Repository root doesn't respect rep:glob
> ----------------------------------------
>
> Key: JCR-3923
> URL: https://issues.apache.org/jira/browse/JCR-3923
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Reporter: Kamil
> Priority: Major
>
> I have following node structure:
> {noformat}
> /test
> /test/child
> /foo
> {noformat}
> When I set Principal based privileges to some user as:
> {noformat}
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/test", PropertyType.PATH));
> restrictions.put("rep:glob", vf.createValue(""));
>
> jacl.addEntry(principal, privileges, allow, restrictions);
>
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> where according to this documentation
> http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html
> empty string means "matches /foo only", user can see only:
> {noformat}
> /test
> {noformat}
> without a child, which is correct. But when I set:
> {noformat}
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH));
> restrictions.put("rep:glob", vf.createValue(""));
>
> jacl.addEntry(principal, privileges, allow, restrictions);
>
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> then user can see all descendants of root:
> {noformat}
> /test
> /test/child
> /foo
> {noformat}
> which is not correct
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
