Angela Schreiber created SLING-9971:
---------------------------------------

             Summary: AclManagerTest/RepPolicyEntryHandlerTest : no tests for 'deny' entries
                 Key: SLING-9971
                 URL: https://issues.apache.org/jira/browse/SLING-9971
             Project: Sling
          Issue Type: Improvement
          Components: Content-Package to Feature Model Converter
            Reporter: Angela Schreiber


from what i can see there exists not a single test case for 'deny' access 
control entries. while i agree that creating deny-entries for system users 
should be considered bad practice, it is possible with resource-based access 
control setup (note though that principal-based access control setup only 
allows for 'allow' entries, see 
http://jackrabbit.apache.org/api/2.18/org/apache/jackrabbit/api/security/authorization/PrincipalAccessControlList.html#addEntry-java.lang.String-javax.jcr.security.Privilege:A-
 and 
http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html#Implementation_Details).

unless the converter intended to prevent 'deny' entries from being used 
(currently not the case), i think there should be at least 1 test that verifies 
that deny entries will be properly converted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
