AccessControlUtil.replaceAccessControlEntry(..) must preserve the order of the
ACEs in the AccessControlList when merging changes into an existing ACE
------------------------------------------------------------------------------------------------------------------------------------------------------
Key: SLING-1457
URL: https://issues.apache.org/jira/browse/SLING-1457
Project: Sling
Issue Type: Bug
Components: JCR
Affects Versions: JCR Jackrabbit Access Manager 2.0.6
Reporter: Eric Norman
Assignee: Eric Norman
Fix For: JCR Jackrabbit Access Manager 2.0.6
As described by Ray Davis on the jackrabbit-users mailing list (see
http://www.mail-archive.com/[email protected]/msg14734.html ), the
order of the ACEs in the AccessControlList is important for resolving
conflicting group permissions. When resolving the permissions, if the current
user is a member of multiple groups that have permissions specified, then the
last group in the ACL wins if there are any conflicts.

The problem is that whenever the Sling
AccessControlUtil.replaceAccessControlEntry(..) API is invoked to merge changes
to an ACE, the old ACE is removed from the ACL and re-added at the end of the list
of ACEs. Instead, the merge logic should ensure that the updated ACE is in
the same position as the ACE that is being updated.
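
The reordering effect described in this issue, as an added example that is not part of the original report or of the Sling code base. It is a simplified in-memory model, not the JCR API: the class, record and method names are hypothetical, and the groups and privileges are constructed sample data.

```java
import java.util.*;

// Simplified in-memory model (not the JCR or Sling API); all names are hypothetical.
public class AceOrderDemo {
    record Ace(String principal, boolean allow, Set<String> privileges) {}

    // Evaluation rule from the issue: among the user's groups, the last matching ACE wins.
    static boolean isGranted(List<Ace> acl, Set<String> groups, String privilege) {
        boolean granted = false;
        for (Ace ace : acl) {
            if (groups.contains(ace.principal()) && ace.privileges().contains(privilege)) {
                granted = ace.allow();
            }
        }
        return granted;
    }

    // Reported behaviour: the old ACE is removed and the merged ACE is appended.
    static List<Ace> replaceByAppend(List<Ace> acl, Ace merged) {
        List<Ace> out = new ArrayList<>(acl);
        out.removeIf(a -> a.principal().equals(merged.principal()) && a.allow() == merged.allow());
        out.add(merged);
        return out;
    }

    // Requested behaviour: the merged ACE keeps the position of the ACE it replaces.
    static List<Ace> replaceInPlace(List<Ace> acl, Ace merged) {
        List<Ace> out = new ArrayList<>(acl);
        for (int i = 0; i < out.size(); i++) {
            Ace a = out.get(i);
            if (a.principal().equals(merged.principal()) && a.allow() == merged.allow()) {
                out.set(i, merged);
                return out;
            }
        }
        out.add(merged); // nothing to replace, so appending is the only option
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: the user is in both groups and the deny entry is listed last.
        List<Ace> acl = List.of(new Ace("staff", true, Set.of("jcr:write")),
                                new Ace("contractors", false, Set.of("jcr:write")));
        Set<String> groups = Set.of("staff", "contractors");
        // An unrelated edit: staff is additionally allowed jcr:read.
        Ace merged = new Ace("staff", true, Set.of("jcr:read", "jcr:write"));
        System.out.println("write before edit:   " + isGranted(acl, groups, "jcr:write"));
        System.out.println("write after append:  " + isGranted(replaceByAppend(acl, merged), groups, "jcr:write"));
        System.out.println("write after inplace: " + isGranted(replaceInPlace(acl, merged), groups, "jcr:write"));
    }
}
```

In this model the append variant moves the staff allow entry behind the contractors deny entry, so adding a read privilege silently turns the user's effective write permission from denied to granted. The in-place variant leaves it denied.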