Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Oak default authorization setup allows to configure paths that are always readable, which by default applies to namespaces, node types and privileges.
Today AccessControlManager.getEffectivePolicies(String path) includes a NamedAccessControllPolicy if the path refers to a node where this read-policy is configured.
In contrast JackrabbitAccessControlManager.getEffectivePolicies(Set principals) does not include it. Obviously this ReadPolicy applies for every set of principals.
However, for consistency and to avoid confusion the NamedAccessControllPolicy should be included in the set if the editing session has sufficient permission on any of the configured paths.
Note: filed this as improvement request (and not a bug) because getEffectivePolicy is specified to be a best-effort method.
Attachments
Issue Links
- is required by
-
OAK-10130 Add API to retrieve effective policies for a set of principals for a given path
-
- Closed
-
- links to