[
https://issues.apache.org/jira/browse/SLING-9971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls closed SLING-9971.
-----------------------------
> AclManagerTest/RepPolicyEntryHandlerTest : no tests for 'deny' entries
> ----------------------------------------------------------------------
>
> Key: SLING-9971
> URL: https://issues.apache.org/jira/browse/SLING-9971
> Project: Sling
> Issue Type: Improvement
> Components: Content-Package to Feature Model Converter
> Reporter: Angela Schreiber
> Assignee: Karl Pauls
> Priority: Minor
> Fix For: Content-Package to Feature Model Converter 1.1.0
>
>
> from what i can see there exists not a single test case for 'deny' access
> control entries. while i agree that creating deny-entries for system users
> should be considered bad practice, it's it possible with resource-based
> access control setup (note though that principal-based access control setup
> only allows for 'allow' entries, see
> http://jackrabbit.apache.org/api/2.18/org/apache/jackrabbit/api/security/authorization/PrincipalAccessControlList.html#addEntry-java.lang.String-javax.jcr.security.Privilege:A-
> and
> http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html#Implementation_Details).
> unless the converter intended to prevent 'deny' entries from being used
> (currently not the case), i think there should be at least 1 test that
> verifies that deny entries will be properly converted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
