  1. Jackrabbit Content Repository
  2. JCR-3966

AccessControlUtils should not depend on ability to read other users

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 2.12.1
    • Fix Version/s: None
    • Component/s: jackrabbit-jcr-commons
    • Labels:
      None

      Description

      Most methods in AccessControlUtils - while taking the principal name as argument - always fetch the principal via the jackrabbit PrincipalManager.

      This (at least in Oak) requires the user to have read access on the user behind the principal; otherwise it returns null, an NPE is thrown, and no ACs are set.

      Setting an AC, however, does not (and should not) require access to the complete user, and can be done by implementing the principal on the spot:

      new JackrabbitPrincipal() {
          @Override
          public String getName() {
              return principalName;
          }
      };
      

      This uses the JackrabbitPrincipal, as the PrincipalImpl in Oak casts to this one for the equality test.

      Filevault does the same.
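
The behaviour described in this report, as an added example that is not part of the original issue or of Jackrabbit's own code: the principal lookup is null-checked instead of dereferenced, and a name-only `JackrabbitPrincipal` is used when the session cannot read the principal. The class and method names (`NameOnlyAce`, `principalFor`, `allow`) are hypothetical, and whether the repository accepts a principal this session cannot resolve is left to the repository's own validation.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

// Added example; class and method names are hypothetical.
public final class NameOnlyAce {

    /** Resolve the principal if this session may read it, else build a name-only one. */
    static Principal principalFor(Session session, final String principalName)
            throws RepositoryException {
        Principal resolved = null;
        if (session instanceof JackrabbitSession) {
            // Returns null when the principal is unknown or not readable for this session.
            resolved = ((JackrabbitSession) session).getPrincipalManager()
                    .getPrincipal(principalName);
        }
        if (resolved != null) {
            return resolved;
        }
        // Fallback from the report: a principal that carries only its name.
        return new JackrabbitPrincipal() {
            @Override
            public String getName() {
                return principalName;
            }
        };
    }

    /** Adds an allow entry; returns false if nothing was changed. */
    static boolean allow(Session session, String path, String principalName,
                         String... privilegeNames) throws RepositoryException {
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
        if (acl == null) {
            return false; // no ACL policy available at this path
        }
        Privilege[] privileges = AccessControlUtils.privilegesFromNames(session, privilegeNames);
        boolean modified = acl.addEntry(principalFor(session, principalName), privileges, true);
        if (modified) {
            session.getAccessControlManager().setPolicy(path, acl);
        }
        return modified;
    }
}
```

The caller still has to call `session.save()` to persist the policy change.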

            People

            • Assignee: Unassigned
            • Reporter: Alexander Klimetschek