[
https://issues.apache.org/jira/browse/OAK-2412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287060#comment-14287060
]
Roland Gruber commented on OAK-2412:
------------------------------------
Added screenshot of ACLs for the parent (here /content/acl) and subnodes
project1/2.
Please create a test user that has groups acldeny+acl1+content-authors. He will
see only project1 in /content/acl.
This works in CRX2 but not CRX3.
> Rep:glob in Access Control List Entry with empty value is not correcty handled
> ------------------------------------------------------------------------------
>
> Key: OAK-2412
> URL: https://issues.apache.org/jira/browse/OAK-2412
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0.5
> Reporter: Roland Gruber
> Assignee: angela
> Attachments: OAK-2412_testJackrabbit.patch,
> OAK-2412_testJackrabbit_2.patch, OAK-2412_testOak.patch,
> OAK-2412_testOak_2.patch, acl_baseNode.png, acl_project1Node.png,
> acl_project2Node.png
>
>
> Setting a rep:glob with empty value ("") should restrict an ACL entry to the
> current node. This seems to no longer work (working wiith CRX2).
> See:
> http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html
> How to reproduce:
> 1. Set a deny rule on a node with jcr:read and no rep:glob
> 2. Set an allow rule to the same node with rep:glob ""
> Expected result: Node is readable (subnodes are not readable)
> Actual result: Node is not readable
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
