jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roman Puchkovskiy <roman.puchkovs...@blandware.com>
Subject REMOVE access is not ckecked when moving a node
Date Sat, 17 May 2008 15:50:58 GMT

Hi.

When a node is moved using session.move(), should REMOVE access be checked?
It seems that it's not checked.
When a node cannot be removed because AccessManager does not allow this, it
still can be moved.

Here's a test:

    public void testMoveNode() throws Exception {
        Node root = session.getRootNode();
        Node nodeToMove = root.addNode("nodeToMove");
        session.save();
        session.move(nodeToMove.getPath(), "/someNewPath");
        try {
            session.save();
            fail("Move should not be successful!");
        } catch (AccessDeniedException e) {
            // expected
        }
    }

While AccessManager's isGranted() method is:

    public boolean isGranted(ItemId id, int permissions)
            throws ItemNotFoundException, RepositoryException {
        // don't allow to remove any items
        if ((permissions & REMOVE) == REMOVE) {
            return false;
        }
        return true;
    }

For comparison: following test passes (it removes a node instead of moving):

    public void testDeleteNode() throws Exception {
        Node root = session.getRootNode();
        Node nodeToDelete = root.addNode("nodeToDelete");
        session.save();
        nodeToDelete.remove();
        try {
            session.save();
            fail("Removal should not be successful!");
        } catch (AccessDeniedException e) {
            // expected
        }
    }

Maven project with tests is here:
http://rpuch.narod.ru/test-remove-access.zip
-- 
View this message in context: http://www.nabble.com/REMOVE-access-is-not-ckecked-when-moving-a-node-tp17293191p17293191.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.


Mime
View raw message