jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-1729) Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor
Date Thu, 16 Oct 2008 08:14:44 GMT

     [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

angela updated JCR-1729:
------------------------

    Component/s: security

> Node#addNode failes with AccessDeniedException if session lacks read-permission to an
acestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: christian
>            Priority: Minor
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message