[
https://issues.apache.org/jira/browse/OAK-2740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14487427#comment-14487427
]
angela commented on OAK-2740:
-----------------------------
There are 2 possibilities to address this:
- let 'AuthorizationContext' also look at the primary type (instead of just
relying on the name for performance reasons)
- add some magic to TreeTypeProvider for the node type special case
> TreeTypeProvider treates optimized node type definition info as Ac-Content
> --------------------------------------------------------------------------
>
> Key: OAK-2740
> URL: https://issues.apache.org/jira/browse/OAK-2740
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Reporter: angela
> Assignee: angela
> Priority: Blocker
>
> while investigating a bug reported by [~teofili] and [~mpetria] that cause
> group-import with policy node to fail when run with non-administrative
> session, i found that the {{TreeTypeProvider}} wrongly identifies the
> optimized item definition information stored with the node types (e.g.
> {{/jcr:system/jcr:nodeTypes/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy}}
> ) as access control content and thus doesn't read it properly when using a
> session that doesn't have jcr:readAccessControl privilege at
> /jcr:system/jcr:nodeTypes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
