jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Moseley <...@osafoundation.org>
Subject Re: Item.remove() access control
Date Tue, 05 Apr 2005 03:46:27 GMT
Brian Moseley wrote:
> i'm having an access control problem when removing an item (via WebDAV, 
> but i suspect that's not relevant).
> 
> i'm issuing DELETE /webdav/bcm/litmus-results.txt as a regular user of 
> my server who only has permissions on /webdav/bcm and below. 
> DavResourceImpl calls remove() on the Item in question. somewhere below, 
> my AccessManager is asked if read permission isGranted() on /. the 
> answer to this question is false, and the DELETE fails with a 403.
> 
> if i then stop my server and restart it, the repository seems to be out 
> of whack, in that PROPFIND /webdav/bcm/litmus-results.txt returns empty 
> properties D:getlastmodified, D:getcontentlength, etc.
> 
> why is read permission checked on /? and what causes the erroneous 
> PROPFIND response after the failed DELETE?
> 
> thanks!
> 

oh, and another thing:

i worked around the above by granting read permission for the root node 
to all users, but now i'm getting an ItemNotFoundException when 
converting the ItemId of the deleted node to a Path. why jackrabbit is 
asking for permissions on the deleted node i don't know :)

Mime
View raw message