Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-1156

When a facet rule contains a reference (path) to a non existing node, not the entire security domain should be skipped

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 2.28.00
    • None

    Description

      There is a delicate difference between a non-existing Reference wrt the facetrule having hipposys:equals = false or true

      Namely

      1) For non existing Reference and hipposys:equals = false, the FacetRule should be discarded. Note that discarding is something else than a 'always matching rule'! Namely assume there is a domain rule with only a single facetrule that has a non-existing Reference and equals = false, then the domain rule should not add any authorization constrain at all.

      2) For non existing Reference and hipposys:equals = true, the FacetRule should not be discarded but the entire Domain rule should be discarded : Namely, facet rules are AND-ed and there is one facet rule in the Domain that never results to a match.

      Note that currently, for non existing references, an entire security domain gets discarded. Realize that a security domain consists possibly of multiple domain rules.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. REPO-1151 Support path based authorization constraints on any jcr node and support it in the authorization query

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: