jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lars Krapf (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JCR-3007) setProperty access control evaluation does not properly cope with XA transactions
Date Wed, 29 Jun 2011 15:21:28 GMT
setProperty access control evaluation does not properly cope with XA transactions
---------------------------------------------------------------------------------

                 Key: JCR-3007
                 URL: https://issues.apache.org/jira/browse/JCR-3007
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
    Affects Versions: 2.2.7
            Reporter: Lars Krapf


This is another instance of the problems with ACL evaluation within transactions described
in https://issues.apache.org/jira/browse/JCR-2999.
In this case PropertyImpl#getParent() called from PropertyImpl#checkSetValue() is trying to
check read permissions of the yet uncommited parent and thus fails with an ItemNotFound exception.

The problem is reproducible with the following test:

public void testTransaction() throws Exception {

        // make sure testUser has all privileges
        Privilege[] privileges = privilegesFromName(Privilege.JCR_ALL);
        givePrivileges(path, privileges, getRestrictions(superuser, path));

        // create new node and lock it
        Session s = getTestSession();
        UserTransaction utx = new UserTransactionImpl(s);
        utx.begin();

        // add node and save it
        Node n = s.getNode(childNPath);
        if (n.hasNode(nodeName1)) {
            Node c = n.getNode(nodeName1);
            c.remove();
            s.save();
        }

        // create node and save
        Node n2 = n.addNode(nodeName1);
        s.save(); // -> node is NEW -> no failure

        // set a property on a child node of an uncommited parent
        n2.setProperty(propertyName1, "testSetProperty");
        s.save();  // -> fail because PropertyImpl#getParent called from PropertyImpl#checkSetValue
                       //    was checking read permission on the not yet commited parent

        // commit
        utx.commit();
    }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message