jackrabbit-users mailing list archives

From "Stefan Guggisberg" <stefan.guggisb...@day.com>
Subject Re: REMOVE access is not checked when moving a node
Date Mon, 19 May 2008 14:49:54 GMT
On Mon, May 19, 2008 at 4:36 PM, Stefan Guggisberg
<stefan.guggisberg@day.com> wrote:
> hi roman
>
> On Sat, May 17, 2008 at 5:50 PM, Roman Puchkovskiy
> <roman.puchkovskiy@blandware.com> wrote:
>>
>> Hi.
>>
>> When a node is moved using session.move(), should REMOVE access be checked?
>> It seems that it's not checked.
>> When a node cannot be removed because AccessManager does not allow this, it
>> still can be moved.
>
> that's a bug. could you please file a jira issue?

BTW: Workspace#move does work as expected, i.e. REMOVE access is checked.

cheers
stefan

>
> thanks!
> stefan
>
>>
>> Here's a test:
>>
>>    public void testMoveNode() throws Exception {
>>        Node root = session.getRootNode();
>>        Node nodeToMove = root.addNode("nodeToMove");
>>        session.save();
>>        session.move(nodeToMove.getPath(), "/someNewPath");
>>        try {
>>            session.save();
>>            fail("Move should not be successful!");
>>        } catch (AccessDeniedException e) {
>>            // expected
>>        }
>>    }
>>
>> While AccessManager's isGranted() method is:
>>
>>    public boolean isGranted(ItemId id, int permissions)
>>            throws ItemNotFoundException, RepositoryException {
>>        // don't allow to remove any items
>>        if ((permissions & REMOVE) == REMOVE) {
>>            return false;
>>        }
>>        return true;
>>    }
>>
>> For comparison: the following test passes (it removes a node instead of moving it):
>>
>>    public void testDeleteNode() throws Exception {
>>        Node root = session.getRootNode();
>>        Node nodeToDelete = root.addNode("nodeToDelete");
>>        session.save();
>>        nodeToDelete.remove();
>>        try {
>>            session.save();
>>            fail("Removal should not be successful!");
>>        } catch (AccessDeniedException e) {
>>            // expected
>>        }
>>    }
>>
>> Maven project with tests is here:
>> http://rpuch.narod.ru/test-remove-access.zip
>>
>>
>
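
A stand-alone toy model of the behaviour discussed in this thread, added here as an illustration; it is not Jackrabbit code and does not come from either poster. The class and method names, the in-memory node set, the permission bit values and the use of SecurityException are assumptions; only the deny-REMOVE policy mirrors the isGranted() quoted above.

```java
import java.util.HashSet;
import java.util.Set;

/** Toy model (not Jackrabbit code): a move removes the source, so it needs REMOVE there. */
public class MoveAccessCheckDemo {
    // Permission bits for this model only (assumed values).
    static final int WRITE = 2, REMOVE = 4;
    static final Set<String> nodes = new HashSet<>();

    /** Same policy as the isGranted() in the thread: REMOVE is never granted. */
    static boolean isGranted(String path, int permissions) {
        return (permissions & REMOVE) != REMOVE;
    }

    static void checkPermission(String path, int permissions) {
        if (!isGranted(path, permissions)) {
            throw new SecurityException("access denied on " + path);
        }
    }

    /** Reported behaviour: the source node disappears without a REMOVE check. */
    static void moveUnchecked(String src, String dest) {
        checkPermission(dest, WRITE);
        nodes.remove(src);
        nodes.add(dest);
    }

    /** Expected behaviour: REMOVE on the source is checked before any state changes. */
    static void moveChecked(String src, String dest) {
        checkPermission(src, REMOVE);
        checkPermission(dest, WRITE);
        nodes.remove(src);
        nodes.add(dest);
    }

    public static void main(String[] args) {
        nodes.add("/nodeToMove");
        moveUnchecked("/nodeToMove", "/someNewPath");
        // The policy forbids every removal, yet the source path is gone.
        System.out.println("unchecked: source still present = " + nodes.contains("/nodeToMove"));

        nodes.add("/nodeToMove");
        try {
            moveChecked("/nodeToMove", "/otherPath");
            System.out.println("checked: move succeeded (unexpected)");
        } catch (SecurityException e) {
            System.out.println("checked: " + e.getMessage());
        }
        System.out.println("checked: source still present = " + nodes.contains("/nodeToMove"));
    }
}
```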
