jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank van Lankvelt (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (JCR-3382) ItemManager.getNode does not do a permission check when the item data is in the item manager cache
Date Wed, 03 Apr 2013 14:33:15 GMT

    [ https://issues.apache.org/jira/browse/JCR-3382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13620953#comment-13620953
] 

Frank van Lankvelt edited comment on JCR-3382 at 4/3/13 2:31 PM:
-----------------------------------------------------------------

check whether the node can be read after retrieving it from the cache.
Patch was against the jackrabbit-2.6 branch @ revision 1462315
                
      was (Author: lankvelt):
    check whether the node can be read after retrieving it from the cache.
                  
> ItemManager.getNode does not do a permission check when the item data is in the item
manager cache
> --------------------------------------------------------------------------------------------------
>
>                 Key: JCR-3382
>                 URL: https://issues.apache.org/jira/browse/JCR-3382
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>    Affects Versions: 2.6
>            Reporter: Unico Hommes
>            Assignee: Unico Hommes
>         Attachments: JCR-3382.patch
>
>
> Read access should be checked irrespective of whether the item data is in the cache or
not. Something might have changed between first reading the node and reading the node again
that impacts read access.
> We are running into the situation where node.hasNode() returns false for a node that
is in the item manager cache and for which access was revoked but node.getNode() returns the
node anyway. So node.hasNode is implemented in the right way, but node.getNode is not.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message