Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-842

Incorrect interaction of orderable child nodes with permission evaluation

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.17
    • core, security
    • None

    Description

      Working on OAK-813 revealed problems with the interaction of the current implementation of orderable nodes and access control:

      • TreeImpl#getOrderedChildNames returns all child names regardless whether they are accessible in the current session or not. This might cause errors further down the line like exposure of the existence of child nodes.
      • TreeImpl.remove doesn't (can't) update the child order property if the parent is not accessible.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. OAK-527 Implement Permission evaluation

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              mduerig Michael Dürig
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: