Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- JCR Jackrabbit Access Manager 2.1.0
- None
Description
As described by Ray Davis on the jackrabbit-users mailing list (see http://www.mail-archive.com/users@jackrabbit.apache.org/msg14734.html ), the order of the ACEs in the AccessControlList is important for resolving conflicting group permissions. When resolving the permissions, if the current user is a member of multiple groups that have permissions specified, then the last group in the ACL wins if there are any conflicts.
The problem is that whenever the Sling AccessControlUtil.replaceAccessControlEntry(..) API is invoked to merge changes to an ACE, the old ACE is removed from the ACL and re-added at the end of the list of ACEs. Instead, the merge logic should ensure that the updated ACE is in the same position as the ACE that is being updated.
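The effect of the reordering can be seen in a small stand-alone model, added here as an example; it is not Sling's or Jackrabbit's code and does not use the JCR API. The class, method and group names are hypothetical, each entry carries a single privilege for brevity, and the sample ACL is constructed.

```java
import java.util.*;

// Simplified model of an ordered ACL (requires Java 16+ for records); not the JCR or Sling API.
public class AceOrderDemo {
    // One entry: a principal that is allowed or denied a single privilege.
    record Ace(String principal, String privilege, boolean allow) {}

    // Rule from the description: among the entries for the user's groups, the last one in the ACL wins.
    static boolean isAllowed(List<Ace> acl, Set<String> groups, String privilege) {
        boolean allowed = false; // nothing is granted unless an entry says so
        for (Ace ace : acl) {
            if (groups.contains(ace.principal()) && ace.privilege().equals(privilege)) {
                allowed = ace.allow();
            }
        }
        return allowed;
    }

    // Behaviour reported in the issue: the old entry is removed and the updated one appended.
    static List<Ace> replaceAtEnd(List<Ace> acl, Ace updated) {
        List<Ace> out = new ArrayList<>(acl);
        out.removeIf(a -> a.principal().equals(updated.principal()) && a.privilege().equals(updated.privilege()));
        out.add(updated);
        return out;
    }

    // Behaviour the issue asks for: the updated entry keeps the old entry's position.
    static List<Ace> replaceInPlace(List<Ace> acl, Ace updated) {
        List<Ace> out = new ArrayList<>(acl);
        for (int i = 0; i < out.size(); i++) {
            Ace a = out.get(i);
            if (a.principal().equals(updated.principal()) && a.privilege().equals(updated.privilege())) {
                out.set(i, updated);
                return out;
            }
        }
        out.add(updated); // no existing entry for this principal: append as a new one
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: the user is in both groups and the deny for "contractors" comes last.
        List<Ace> acl = List.of(new Ace("staff", "jcr:write", true), new Ace("contractors", "jcr:write", false));
        Set<String> groups = Set.of("staff", "contractors");
        Ace sameGrant = new Ace("staff", "jcr:write", true); // re-saved entry, decision unchanged
        System.out.println("before:           " + isAllowed(acl, groups, "jcr:write"));
        System.out.println("replace at end:   " + isAllowed(replaceAtEnd(acl, sameGrant), groups, "jcr:write"));
        System.out.println("replace in place: " + isAllowed(replaceInPlace(acl, sameGrant), groups, "jcr:write"));
    }
}
```

In this model, re-saving the unchanged "staff" grant with the append strategy moves it behind the "contractors" deny and turns the user's effective write permission from denied to allowed, while the in-place strategy leaves the result as it was.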