Conversation
adobe/da-admin#299 lets a folder with no direct grant but a permitted descendant list successfully (filtered), instead of 403. Update the acl_browse test to expect the filtered listing on testdocs, and add a sibling no-permission path (otherdir) to keep true-403 coverage.
|
Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch.
Commits
|
bosschaert
approved these changes
Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
acl_browse.spec.jstest formerly named "No access directory should not show anything" to assert the new filtered listing ontestdocs(visible: readwrite-doc, readonly-doc, subdir, dir-readwrite, dir-readonly; hidden: noaccess-doc).otherdir) with zero ACL grants anywhere in its subtree, to keep coverage of the true 403 "no permission at all" case.otherdirfixture assumption inauth.setup.js. Verified against the live da-testautomation ACL config — no rule matches it, no config change needed.Test plan
acl_browse.spec.jsAncestor directory shows only permitted descendantsshows filtered items ontestdocsNo access directory should not show anythingstill 403s onotherdir