Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
I have following node structure:
/test /test/child /foo
When I set Principal based privileges to some user as:
Map<String, Value> restrictions = new HashMap<String, Value>(); ValueFactory vf = session.getValueFactory(); restrictions.put("rep:nodePath", vf.createValue("/test", PropertyType.PATH)); restrictions.put("rep:glob", vf.createValue("")); jacl.addEntry(principal, privileges, allow, restrictions); acManager.setPolicy(jacl.getPath(), jacl); session.save();
where according to this documentation
http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html empty string means "matches /foo only", user can see only:
/test
without a child, which is correct. But when I set:
Map<String, Value> restrictions = new HashMap<String, Value>(); ValueFactory vf = session.getValueFactory(); restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH)); restrictions.put("rep:glob", vf.createValue("")); jacl.addEntry(principal, privileges, allow, restrictions); acManager.setPolicy(jacl.getPath(), jacl); session.save();
then user can see all descendants of root:
/test /test/child /foo
which is not correct
Attachments
Issue Links
- relates to
-
OAK-7233 Improve rep:glob documentation
- Closed