[
https://issues.apache.org/jira/browse/JCRVLT-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16496192#comment-16496192
]
angela commented on JCRVLT-292:
-------------------------------
[~stillalex], [~reschke], I have been thinking about this issue over and over
again. I don't feel comfortable to push this patch without having proper test
coverage in place.
Therefore I created a new container for the test coverage and created specific
subtasks for the security related parts, marking the one for access control
import as blocking this issue.
> Order of ACLs are altered on installation of content packages
> -------------------------------------------------------------
>
> Key: JCRVLT-292
> URL: https://issues.apache.org/jira/browse/JCRVLT-292
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Packaging
> Reporter: angela
> Priority: Major
> Attachments: JCRVLT-292-2.patch, JCRVLT-292.patch
>
>
> When installing a content package with AccessControlHandling _overwrite_
> access control entries contained in a given list are grouped by principal and
> ultimately imported with a different order that originally defined in the
> package.
> This alters the effective permissions for those {{Subject}}s that contain the
> principals for which the ACEs got imported.
> Example:
> 1. grant group1 read at /testroot
> 2. deny group2 read at specific subset of items within the tree defined by
> /testroot
> 3. grant group1 read/write at specific subset of items within the tree
> defined by /testroot
> The ACL resulting from the package import will contain the entries in the
> following order: 1, 3, 2.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
