[SLING-9971] AclManagerTest/RepPolicyEntryHandlerTest : no tests for 'deny' entries - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Content-Package to Feature Model Converter 1.1.0
Component/s: Content-Package to Feature Model Converter
Labels:
None

Description

from what i can see there exists not a single test case for 'deny' access control entries. while i agree that creating deny-entries for system users should be considered bad practice, it's it possible with resource-based access control setup (note though that principal-based access control setup only allows for 'allow' entries, see http://jackrabbit.apache.org/api/2.18/org/apache/jackrabbit/api/security/authorization/PrincipalAccessControlList.html#addEntry-java.lang.String-javax.jcr.security.Privilege:A- and http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html#Implementation_Details).

unless the converter intended to prevent 'deny' entries from being used (currently not the case), i think there should be at least 1 test that verifies that deny entries will be properly converted.

Attachments

Issue Links

links to

GitHub Pull Request #44

Activity

People

Assignee:: Karl Pauls

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Dec/20 08:27

Updated:: 17/May/21 11:38

Resolved:: 10/Dec/20 22:33