[jira] [Commented] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

2022-01-20 Thread Tobias Bocanegra (Jira)


[ 
https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479175#comment-17479175
 ] 

Tobias Bocanegra commented on JCRVLT-522:

I think only *2.* is inconsistent, right? So this could be fixed by not 
installing the ACL.

> Authorizable and authorization nodes applied even if filter rules exclude them
> --
>
> Key: JCRVLT-522
> URL: https://issues.apache.org/jira/browse/JCRVLT-522
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Components: Packaging
> Affects Versions: 3.4.10
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.5.10
>
>
> Currently the filter rules are not fully evaluated prior to applying ACLs (in 
> rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug. 
> The same is true for authorizable nodes (compare with JCRVLT-71).
> The exact install behaviour is as follows (given that the ACHandling is not 
> IGNORE):
>  
> || ||Path in Filter?||Effect||Example ACL Path(s)||Example Content Node Path(s)||
> ||1|Contained in filter|Installed|/testroot/node_a/rep:policy|/testroot/node_a||
> ||2|Not contained in filter, but ancestor is contained|Installed|/testroot/secured/rep:policy|testroot/secured||
> ||3|Neither path nor ancestor is contained in filter|Not Installed|/test2/rep:policy|/test2||
> ||4|Path is not contained in filter, ancestor is not contained either, but node affected by ACLs is contained|Not Installed|/testroot/rep:policy|/testroot||
> The example columns assume the following filter.xml
> {code}
> 
> 
>
>
>
> 
> 
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
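
The four rows of the table in the issue description, reproduced as an added example (not FileVault code and not part of the thread). The filter.xml is not preserved on this page, so the filter below is a constructed one chosen to match the table's example paths, and the rule evaluation is a simplified, assumed model: regex full match, last matching rule wins, default opposite to the first rule.

```python
import re
from dataclasses import dataclass, field

@dataclass
class FilterSet:
    """Simplified model of one <filter root="..."> element (assumed semantics)."""
    root: str
    rules: list = field(default_factory=list)  # [("include" | "exclude", regex), ...]

    def covers(self, path):
        return path == self.root or path.startswith(self.root.rstrip("/") + "/")

    def contains(self, path):
        if not self.covers(path):
            return False
        # Default is the opposite of the first rule; the last matching rule wins.
        result = not self.rules or self.rules[0][0] == "exclude"
        for kind, pattern in self.rules:
            if re.fullmatch(pattern, path):
                result = kind == "include"
        return result

def contained(filters, path):
    return any(f.contains(path) for f in filters)

def ancestors(path):
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]

def classify(filters, acl_path):
    """Map an ACL entry path to (table row, effect reported in the issue)."""
    if contained(filters, acl_path):
        return 1, "Installed"
    if any(contained(filters, a) for a in ancestors(acl_path)):
        return 2, "Installed"  # installed although the filter excludes the path
    node = acl_path.rsplit("/", 1)[0] or "/"
    if any(f.root.startswith(node.rstrip("/") + "/") for f in filters):
        return 4, "Not Installed"  # ACL would affect nodes the filter contains
    return 3, "Not Installed"

def excluded_but_installed(filters, acl_paths):
    """ACL entries a package reviewer should flag: row 2 of the table."""
    return [p for p in acl_paths if classify(filters, p)[0] == 2]

# Constructed filter and entries, chosen to match the example paths in the table.
FILTERS = [
    FilterSet("/testroot/node_a"),
    FilterSet("/testroot/secured", [("exclude", r"/testroot/secured/rep:policy")]),
]
ACL_PATHS = ["/testroot/node_a/rep:policy", "/testroot/secured/rep:policy",
             "/test2/rep:policy", "/testroot/rep:policy"]
```

Running `excluded_but_installed(FILTERS, ACL_PATHS)` over a package's rep:policy entries lists the ACLs that fall under row 2, the case the comment above calls inconsistent.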


[jira] [Commented] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

2022-01-20 Thread Konrad Windszus (Jira)


[ 
https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479164#comment-17479164
 ] 

Konrad Windszus commented on JCRVLT-522:


[~tripod] Ping, how should we fix this inconsistent and unexpected behaviour?






[jira] [Commented] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

2021-09-13 Thread Konrad Windszus (Jira)


[ 
https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17414276#comment-17414276
 ] 

Konrad Windszus commented on JCRVLT-522:


[~tripod] Any opinion on how to change the installation behaviour for the cases 
listed in the table of this issue's description?

> Authorizable and authorization nodes applied even if filter rules exclude them
> --
>
> Key: JCRVLT-522
> URL: https://issues.apache.org/jira/browse/JCRVLT-522
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Components: Packaging
> Affects Versions: 3.4.10
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.5.4
>
>
> Currently the filter rules are not fully evaluated prior to applying ACLs (in 
> rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug. 
> The same is true for authorizable nodes (compare with JCRVLT-71).
> The exact install behaviour is as follows (given that the ACHandling is not 
> IGNORE):
>  
> || ||Path in Filter?||Effect||Example ACL Path(s)||Example Content Node Path(s)||
> ||1|Contained in filter|Installed|/testroot/node_a/rep:policy|/testroot/node_a||
> ||2|Not contained in filter, but ancestor is contained|Installed|/testroot/secured/rep:policy|testroot/secured||
> ||3|Neither path nor ancestor is contained in filter|Not Installed|/test2/rep:policy|/test2||
> ||4|Path is not contained in filter, ancestor is not contained either, but node affected by ACLs is contained|Not Installed|/testroot/rep:policy|/testroot||
> The example columns assume the following filter.xml
> {code}
> 
> 
>
>
>
> 
> 
> {code}
>  





[jira] [Commented] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

2021-08-27 Thread Konrad Windszus (Jira)


[ 
https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405888#comment-17405888
 ] 

Konrad Windszus commented on JCRVLT-522:


Even ACLs are not that simple, because if they are outside the filter, they 
might be discarded by 
https://github.com/apache/jackrabbit-filevault/blob/61e920f55e487aa5dc045c66ce5b7b5e444784ca/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/io/Importer.java#L530.
 [~tripod] Can you help me understand the status quo better?

> Authorizable and authorization nodes applied even if filter rules exclude them
> --
>
> Key: JCRVLT-522
> URL: https://issues.apache.org/jira/browse/JCRVLT-522
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Components: Packaging
> Affects Versions: 3.4.10
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.5.4
>
>
> Currently the filter rules are not evaluated prior to applying ACLs (in 
> rep:policy and rep:repoPolicy files). According to JCRVLT-372 this is a bug. 
> The same is true for authorizable nodes (compare with JCRVLT-71).





[jira] [Commented] (JCRVLT-522) Authorizable and authorization nodes applied even if filter rules exclude them

2021-08-27 Thread Konrad Windszus (Jira)


[ 
https://issues.apache.org/jira/browse/JCRVLT-522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405847#comment-17405847
 ] 

Konrad Windszus commented on JCRVLT-522:


The handling for authorizables during import looks weird to me:
- In case there doesn't exist yet an authorizable with the new ID, it will be 
created independent of filter rules 
(https://github.com/apache/jackrabbit-filevault/blob/61e920f55e487aa5dc045c66ce5b7b5e444784ca/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java#L725)
- In case there is already an authorizable node and the to be imported 
authorizable is outside the filter the existing authorizable won't be touched 
(https://github.com/apache/jackrabbit-filevault/blob/61e920f55e487aa5dc045c66ce5b7b5e444784ca/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java#L750)

[~tripod] Can you confirm this is desired behavior? Any need for doing 
adjustments here?



