jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Guggisberg" <stefan.guggisb...@day.com>
Subject Re: REMOVE access is not ckecked when moving a node
Date Mon, 19 May 2008 14:36:47 GMT
hi roman

On Sat, May 17, 2008 at 5:50 PM, Roman Puchkovskiy
<roman.puchkovskiy@blandware.com> wrote:
>
> Hi.
>
> When a node is moved using session.move(), should REMOVE access be checked?
> It seems that it's not checked.
> When a node cannot be removed because AccessManager does not allow this, it
> still can be moved.

that's a bug. could you please file a jira issue?

thanks!
stefan

>
> Here's a test:
>
>    public void testMoveNode() throws Exception {
>        Node root = session.getRootNode();
>        Node nodeToMove = root.addNode("nodeToMove");
>        session.save();
>        session.move(nodeToMove.getPath(), "/someNewPath");
>        try {
>            session.save();
>            fail("Move should not be successful!");
>        } catch (AccessDeniedException e) {
>            // expected
>        }
>    }
>
> While AccessManager's isGranted() method is:
>
>    public boolean isGranted(ItemId id, int permissions)
>            throws ItemNotFoundException, RepositoryException {
>        // don't allow to remove any items
>        if ((permissions & REMOVE) == REMOVE) {
>            return false;
>        }
>        return true;
>    }
>
> For comparison: following test passes (it removes a node instead of moving):
>
>    public void testDeleteNode() throws Exception {
>        Node root = session.getRootNode();
>        Node nodeToDelete = root.addNode("nodeToDelete");
>        session.save();
>        nodeToDelete.remove();
>        try {
>            session.save();
>            fail("Removal should not be successful!");
>        } catch (AccessDeniedException e) {
>            // expected
>        }
>    }
>
> Maven project with tests is here:
> http://rpuch.narod.ru/test-remove-access.zip
> --
> View this message in context: http://www.nabble.com/REMOVE-access-is-not-ckecked-when-moving-a-node-tp17293191p17293191.html
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>
>

Mime
View raw message