[
https://issues.apache.org/jira/browse/JCRVLT-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16495053#comment-16495053
]
angela commented on JCRVLT-292:
-------------------------------
[~stillalex], thanks a lot for the review, very much appreciated. maybe i can
get rid of the {{LinkedHashMap}} altogether.... also in think the principal
lookup can be dropped as it anyway falls back to a innerclass principal in case
it's not known to the {{PrincipalManager}}. ultimately the access control
management implementation is in charge of validating and potentially rejecting
invalid/unknown principals. will attach an updated patch as soon as i managed
to incorporate the feedback and my conclusions.
> Order of ACLs are altered on installation of content packages
> -------------------------------------------------------------
>
> Key: JCRVLT-292
> URL: https://issues.apache.org/jira/browse/JCRVLT-292
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Packaging
> Reporter: angela
> Priority: Major
> Attachments: JCRVLT-292.patch
>
>
> When installing a content package with AccessControlHandling _overwrite_
> access control entries contained in a given list are grouped by principal and
> ultimately imported with a different order that originally defined in the
> package.
> This alters the effective permissions for those {{Subject}}s that contain the
> principals for which the ACEs got imported.
> Example:
> 1. grant group1 read at /testroot
> 2. deny group2 read at specific subset of items within the tree defined by
> /testroot
> 3. grant group1 read/write at specific subset of items within the tree
> defined by /testroot
> The ACL resulting from the package import will contain the entries in the
> following order: 1, 3, 2.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
