Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-9956

RepPolicyEntryHandler ignores ACEs on repository level

    XMLWordPrintableJSON

Details

    Description

      based on my reading of https://github.com/apache/sling-org-apache-sling-feature-cpconverter/blob/master/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java#L56

      i don't see how the converter would handle service user permissions that are defined for the repository level that in JCR access control management API are defined using a null path.

      with the default authorization module in oak the corresponding ACL is stored at the root node with a dedicated policy node named rep:repoPolicy (see http://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html#representation)

      i guess this bug requires 3 steps:

      set ACL for alice,bob
          allow jcr:namespaceManagement on :repository
      end
      

      Attachments

        1. SLING-9956.patch
          21 kB
          Angela Schreiber

        Issue Links

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: