[
https://issues.apache.org/jira/browse/OAK-929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13720490#comment-13720490
]
angela commented on OAK-929:
----------------------------
it will remove the deny entry and add a new allow entry but doesn't restore the
original state of the root node.
so, the finally clause should rather remove the ACE created before.
therefore i would suggest to do something like
- collect ACEs present on the root before
- add the deny entry for the test
- finally obtain the ACL for the root path and remove all entries that have not
been present before
{code}
Set<AccessControlEntry> acesBefore = ....
try {
// do the test
} finally {
AccessControlList acl =
o.a.j.commons.j.authorization.AccessControlUtils.getAccessControlList(superuser,
rootPath);
if (acl != null) {
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
if (!acesBefore.contains(ace) {
acl.removeAccessControlEntry(ace);
}
}
acManager.setPolicy(rootPath, acl);
superuser.save();
}
}
{code}
> Permission changes not visible on root after refresh
> ----------------------------------------------------
>
> Key: OAK-929
> URL: https://issues.apache.org/jira/browse/OAK-929
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Reporter: Antonio Sanso
> Assignee: Michael Dürig
> Fix For: 0.9
>
> Attachments: OAK-929-patch.txt
>
>
> it looks like there is an issue on updating permission for the root node.
> If the permission for the root are changed those are not "refreshed".
> Any other nodes different than root seems to work though
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
