jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ju...@apache.org
Subject svn commit: r767907 - /jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java
Date Thu, 23 Apr 2009 12:54:38 GMT
Author: jukka
Date: Thu Apr 23 12:54:38 2009
New Revision: 767907

URL: http://svn.apache.org/viewvc?rev=767907&view=rev
Log:
JCR-2036: Set_property permission not checked when saving a new node

Applied patch by Bart van der Schans to the 1.5 branch.

Modified:
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java?rev=767907&r1=767906&r2=767907&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java
(original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java
Thu Apr 23 12:54:38 2009
@@ -372,18 +372,15 @@
         while (dirtyIter.hasNext()) {
             ItemState itemState = (ItemState) dirtyIter.next();
 
-            if (itemState.getStatus() != ItemState.STATUS_NEW) {
-                /* transient item is not 'new', therefore it has to be 'modified'
-                   detect the effective set of modification:
-                   - child additions -> add_node perm on the child
-                   - property additions, modifications or removals -> set_property permission
-                   note: removed items are checked later on.
-                */
-                // check WRITE permission
-                Path path = stateMgr.getHierarchyMgr().getPath(itemState.getId());
-                boolean isGranted = true;
-                if (itemState.isNode()) {
+            // check WRITE permission
+            Path path = stateMgr.getHierarchyMgr().getPath(itemState.getId());
+            boolean isGranted = true;
+            if (itemState.isNode()) {
+                if (itemState.getStatus() != ItemState.STATUS_NEW) {
                     // modified node state -> check possible modifications
+                    // - child additions -> add_node perm on the child
+                    // - property additions, modifications or removals -> set_property
permission
+                    // note: removed items are checked later on.
                     NodeState nState = (NodeState) itemState;
                     for (Iterator it = nState.getAddedChildNodeEntries().iterator();
                          it.hasNext() && isGranted;) {
@@ -395,15 +392,16 @@
                         Name propName = (Name) it.next();
                         isGranted = accessMgr.isGranted(path, propName, Permission.SET_PROPERTY);
                     }
-                } else {
-                    isGranted = accessMgr.isGranted(path, Permission.SET_PROPERTY);
                 }
+            } else {
+                // a property has been modified or added, check set_poperty
+                isGranted = accessMgr.isGranted(path, Permission.SET_PROPERTY);
+            }
 
-                if (!isGranted) {
-                    String msg = itemMgr.safeGetJCRPath(path) + ": not allowed to modify
item";
-                    log.debug(msg);
-                    throw new AccessDeniedException(msg);
-                }
+            if (!isGranted) {
+                String msg = itemMgr.safeGetJCRPath(path) + ": not allowed to modify item";
+                log.debug(msg);
+                throw new AccessDeniedException(msg);
             }
 
             if (itemState.isNode()) {



Mime
View raw message