[OAK-8855] Permission evaluation of nodes broken after :nestedCug removed from parent node - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.8.7
Fix Version/s: 1.26.0, 1.8.21, 1.22.1
Component/s: authorization-cug
Labels:
None

Description

Steps to Reproduce:

Create a node 'a' which has two children nodes 'b1' and 'b2'. The content tree looks as shown: /content/a/b1, /content/a/b2. Create two users user1 and user2.
Apply CUG policy on /content/a.
- Authorize user1 and user2 to read /content/a.
- Authorize user1 to read /content/a/b1.
- Authorize user2 to read /content/a/b2.
Remove :nestedCugs property from /content/a/rep:cugPolicy.
Create a content session, login with user2. Try to read /content/a/b1.

Observed behavior : user2 is able to read /content/a/b1.

Expected behavior : user2 should not be able to read /content/a/b1 as it is unauthorized to do so.

Please note that :nestedCugs is removed by a mechanism which completely overwrites content tree below "/content/a".

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OAK-8855.patch
31/Jan/20 11:14
11 kB
Kunal Shubham
OAK-8855_backport.patch
15/Jan/20 11:20
10 kB
Kunal Shubham

Activity

People

Assignee:: Angela Schreiber

Reporter:: Kunal Shubham

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Jan/20 08:45

Updated:: 12/Sep/23 09:00

Resolved:: 03/Feb/20 09:26