Angela Schreiber created OAK-9775:
-------------------------------------
Summary: ACEs with unsupported restrictions must be cleared upon
editing
Key: OAK-9775
URL: https://issues.apache.org/jira/browse/OAK-9775
Project: Jackrabbit Oak
Issue Type: Bug
Components: core, security
Reporter: Angela Schreiber
Assignee: Angela Schreiber
if the tree presentation of an access control list contains restrictions that
are not supported the restriction provider will ignore them upon reading the
policy from the content repository.
this will lead to ACEs being generated that contain an incomplete restriction
set. however, the access control manager fails to detect them as incomplete or
invalid, which upon editing of the policy will lead to
- incomplete ACEs being written back _or_
- AccessControlValidator failing in case the incomplete ACEs result in
duplications
instead ACEs containing unsupported restrictions must be detected and removed
from the policy upon editing (with a error being logged).
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
