jackrabbit-dev mailing list archives

From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-1743) Session.checkPermission: add_node and set_property evaluation are not handled differently
Date Tue, 23 Sep 2008 15:29:44 GMT

     [ https://issues.apache.org/jira/browse/JCR-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting updated JCR-1743:

    Attachment: JCR-1743.patch

Proposed patch that creates a new PropertyId for the non-existing property and uses that in
the AccessManager.checkPermission call.

While I was at it, I also added safeguards against paths like /path/to/property/property or

The trouble with this patch is that it may break existing AccessManager implementations that
expect checkPermission calls for new properties to be WRITE requests for the parent node.
Perhaps we should add a marker interface or something similar that an AccessManager that does
need this functionality must implement. This way we could keep full backwards compatibility
at the expense of some extra trouble.

Note that all this will only affect the 1.4 branch.

> Session.checkPermission: add_node and set_property evaluation are not handled differently
> -----------------------------------------------------------------------------------------
>                 Key: JCR-1743
>                 URL: https://issues.apache.org/jira/browse/JCR-1743
>             Project: Jackrabbit
>          Issue Type: Bug
>    Affects Versions: core 1.4.5
>            Reporter: Tobias Bocanegra
>            Assignee: Jukka Zitting
>             Fix For: core 1.4.6
>         Attachments: JCR-1743.patch
> If the property does not exist yet, Session.checkPermission invokes an AccessManager.checkPermission(... WRITE)
> for both cases, i.e. the access manager has no means to handle an "add_node" differently
> from a "set_property".
> suggest to create a fake property id for the case where the property does not exist.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
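
The ambiguity described in the issue and the opt-in idea from the comment, as a self-contained model added here; it is not the attached JCR-1743.patch and not Jackrabbit code. The types are simplified stand-ins, and the marker interface name `PropertyAwareAccessManager`, the `WRITE` value and the sample path are assumptions made for illustration.

```java
import java.util.List;

// Self-contained model (Java 16+); these types are simplified stand-ins,
// not Jackrabbit's own classes.
public class CheckPermissionModel {
    static final int WRITE = 2; // constructed constant for this model

    interface ItemId { }
    record NodeId(String path) implements ItemId { }
    record PropertyId(NodeId parent, String name) implements ItemId { }

    interface AccessManager { boolean isGranted(ItemId id, int permissions); }

    // Hypothetical marker interface: only managers that opt in receive a
    // PropertyId for a property that does not exist yet.
    interface PropertyAwareAccessManager extends AccessManager { }

    // Legacy manager: decides on the parent node only.
    static class LegacyManager implements AccessManager {
        public boolean isGranted(ItemId id, int permissions) {
            return id instanceof NodeId n && n.path().startsWith("/content");
        }
    }

    // Opt-in manager: properties may be set under /content, nodes may not be added.
    static class PropertyOnlyManager implements PropertyAwareAccessManager {
        public boolean isGranted(ItemId id, int permissions) {
            return id instanceof PropertyId p && p.parent().path().startsWith("/content");
        }
    }

    // Id handed to the manager for each action on a not-yet-existing item.
    static ItemId target(AccessManager am, NodeId parent, String name, String action) {
        boolean newProperty = action.equals("set_property");
        if (newProperty && am instanceof PropertyAwareAccessManager) {
            return new PropertyId(parent, name);
        }
        return parent; // add_node, or set_property for a legacy manager
    }

    public static void main(String[] args) {
        NodeId parent = new NodeId("/content/page"); // constructed sample path
        for (AccessManager am : List.of(new LegacyManager(), new PropertyOnlyManager())) {
            for (String action : List.of("add_node", "set_property")) {
                ItemId id = target(am, parent, "title", action);
                System.out.printf("%s %s -> %s granted=%b%n",
                    am.getClass().getSimpleName(), action, id, am.isGranted(id, WRITE));
            }
        }
    }
}
```

The legacy manager receives the same parent `NodeId` for both actions and cannot tell them apart, while the opt-in manager sees a `PropertyId` for `set_property` and can grant it while still denying `add_node`.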
