jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2425) Session.save() and Session.refresh(boolean) rely on accessibility of the root node
Date Fri, 04 Dec 2009 14:36:20 GMT
Session.save() and Session.refresh(boolean) rely on accessibility of the root node
----------------------------------------------------------------------------------

                 Key: JCR-2425
                 URL: https://issues.apache.org/jira/browse/JCR-2425
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
            Reporter: angela


follow-up issue to JCR-2418:

an editing session that is only allowed to write in a subtree but isn't allowed to access
the root node will not be
able to save or revert changes made in the transient space within that subtree.

the reason for this is, that both SessionImpl.save() and SessionImpl.refresh(boolean) access
the root node
in order to execute the call. since it's the regular call READ permissions are checked, although
the user
made no attempt to *look* at the root.

A workaround would be to call Item.save() on the modified tree itself that obviously was visible
for the 
user... unfortunately that method is deprecated as of JCR 2.0. Therefore, I have the impression
that we
should fix the methods mentioned above.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message