Uploaded image for project: 'ModeShape'
  1. ModeShape
  2. MODE-2456

ACL checks are inadvertently disabled

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 4.3.0.Final
    • 4.2.0.Final
    • Security
    • None

    Description

      JcrSession.JcrPresave.aclMetadataRefresh might inadvertently disable ACL check even though nodes with ACLs still exist.

      1. Create a node with two ACLs (ModeShapeLexicon.ACL_COUNT is now 2)
      2. Make a copy of the node using session.getWorkspace().copy (ModeShapeLexicon.ACL_COUNT is now 2)
      3. Remove the two ACLs of the copied node (ModeShapeLexicon.ACL_COUNT is now 0)
      4. aclMetadataRefresh now disables ACL checks globally (repository().repositoryCache().setAccessControlEnabled(false))

      This means that no ACL check will be done on the node created in step 1 even though the node still has ACLs. I do not know if other operations than copy exhibit similar behaviour.

      Attachments

        Activity

          People

            hchiorean Horia Chiorean (Inactive)
            jacobilsoe_jira Jacob Ilsø (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: