Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-9775

ACEs with unsupported restrictions must be cleared upon editing

    XMLWordPrintableJSON

Details

    Description

      if the tree presentation of an access control list contains restrictions that are not supported the restriction provider will ignore them upon reading the policy from the content repository.

      this will lead to ACEs being generated that contain an incomplete restriction set. however, the access control manager fails to detect them as incomplete or invalid, which upon editing of the policy will lead to

      • incomplete ACEs being written back or
      • AccessControlValidator failing in case the incomplete ACEs result in duplications

      instead ACEs containing unsupported restrictions must be detected and removed from the policy upon editing (with a error being logged).

      how to get there:

      • custom restrictions being written to the repository and the custom restriction provider being uninstalled from the security setup
      • using newer restrictions and then using that repository content with an older oak version that doesn't support those restrictions

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. OAK-9791 Missing check for restriction node being present

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. OAK-9778 Improve exception message with OakAccessControl0013 regarding ACE duplicates

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          requires

          Bug - A problem which impairs or prevents the functions of the product. OAK-9782 CompositeRestrictionProvider must call validate on aggregated providers

          • Major - Major loss of function.
          • Closed
          Testing discovered

          Bug - A problem which impairs or prevents the functions of the product. OAK-9782 CompositeRestrictionProvider must call validate on aggregated providers

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. OAK-9779 PermissionConstants.PERMISSION_PROPERTY_NAMES does not list rep:isAllow

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          links to

          Web Link GitHub Pull Request #574

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: