jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (JCR-2863) Session#importXML can't handle properly uuid collision if user has insufficient permission
Date Wed, 16 Nov 2011 12:56:52 GMT

     [ https://issues.apache.org/jira/browse/JCR-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jukka Zitting updated JCR-2863:
-------------------------------

    Fix Version/s: 2.2.10

Merged to the 2.2 branch in revision 1202684.
                
> Session#importXML can't handle properly uuid collision if user has insufficient permission
> ------------------------------------------------------------------------------------------
>
>                 Key: JCR-2863
>                 URL: https://issues.apache.org/jira/browse/JCR-2863
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, xml
>    Affects Versions: 1.6.1, 2.2.1
>            Reporter: Antoine Brochard
>             Fix For: 2.2.10, 2.3
>
>         Attachments: exception.txt
>
>
> When importing referenceable nodes, if there are nodes with the same uuid in the workspace
but the session has no sufficient permission to read them then the import will fail no matter
what ImportUUIDBehavior is chosen. 
> But the same xml will be imported successfully in another repository or if the user have
read access.
> SessionImpl.java :
>  public NodeImpl getNodeById(NodeId id) ...{
> ...
>  try {
>             return (NodeImpl) getItemManager().getItem(id);
>         } catch (AccessDeniedException ade) {
>             throw new ItemNotFoundException(id.toString());
>         }
> }
> SessionImporter.java :
>  public void startNode(NodeInfo nodeInfo, List propInfos)...{
> ...
>   if (node == null) {
>             // create node
>             if (id == null) {
>             ...
>             } else {
>                 // potential uuid conflict
>                 NodeImpl conflicting;
>                 try {
>                     conflicting = session.getNodeById(id);
>                 } catch (ItemNotFoundException infe) {
>                     conflicting = null;
>                 }
>                 if (conflicting != null) {
>                     // resolve uuid conflict
>                  ...
>                }
> ...
> }
> In the JCR 1.0 spec says "lack of read access to an item blocks access to both information
about the content of that item and information about the existence of the item" but this should
probably not be true, internally, when doing an import. 
> Otherwise it means that read access to an entire workspace must be granted to a user
so that it could successfully use the IMPORT_UUID_CREATE_NEW behaviour.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message