jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alessandro Cosenza" <alessandro.cose...@itkey.it>
Subject Re: removing a node needs to verify a WRITE or a REMOVE permission?
Date Thu, 22 Jan 2009 10:49:41 GMT
yes stefan thanks,i was able to debug my application and
reach
this part of source code.but for what i see in JR 1.5
permissions types
are changed right? also i have seen that there are many new
classes
such as Authorizable, User, Group...can i see these classes
like a support for RBAC model?can you explain how do they
work?

----- Original Message -----
Da : Stefan Guggisberg <stefan.guggisberg@gmail.com>
A : users@jackrabbit.apache.org
Oggetto : Re: removing a node needs to verify a WRITE or a
REMOVE permission?
Data : Thu, 22 Jan 2009 09:52:15 +0100

> On Wed, Jan 21, 2009 at 7:16 PM, Alessandro Cosenza
> <alessandro.cosenza@itkey.it> wrote:
> > so when i do node.remove( ) first WRITE is checked and
> > then REMOVE??? i tried to debug my application but i
> > wasn't able to get a point where AccessManager.isGranted
> > is called with AccessManager.REMOVE passed-in parameter.
> 
> take a look at the
> ItemImpl#validateTransientItems(Iterator,Iterator) method.
> it is called by ItemImpl#save().
> 
> the following code is executed at the end of the
> validateTransientItems method:
> 
> <snippet>
>         // walk through list of removed transient items
> and check REMOVE permission
>         while (removedIter.hasNext()) {
>             ItemState itemState = (ItemState)
> removedIter.next();
>             ItemId id = itemState.getId();
>             // check REMOVE permission
>             if (!accessMgr.isGranted(id,
> AccessManager.REMOVE)) {
>                 String msg = itemMgr.safeGetJCRPath(id)
>                         + ": not allowed to remove item";
>                 log.debug(msg);
>                 throw new AccessDeniedException(msg);
>             }
>         }
> </snippet>
> 
> cheers
> stefan
> 
> >
> > ----- Original Message ----- From: "Stefan Guggisberg"
> > <stefan.guggisberg@gmail.com>
> > To: <users@jackrabbit.apache.org>
> > Sent: Wednesday, January 21, 2009 6:04 PM
> > Subject: Re: removing a node needs to verify a WRITE or
> a REMOVE permission? >
> >
> >> On Wed, Jan 21, 2009 at 5:14 PM, Alessandro Cosenza
> >> <alessandro.cosenza@itkey.it> wrote:
> >>>
> >>> so please does anyone can tell me in which cases
> REMOVE >>> permissions are checked in JR 1.4.
> >>> When i remove a node a WRITE permission is checked on
> parent >>> node instead of a REMOVE one.
> >>> why?
> >>
> >> in jackrabbit (and AFAIK in JCR in general) removing or
> adding a node >> does modify
> >> the parent node.
> >>
> >> in jackrabbit 1.4, removing a node does check WRITE on
> parent node and >> subsequently
> >> REMOVE on target.
> >>
> >> cheers
> >> stefan
> >>
> >>>
> >>> ----- Original Message -----
> >>> Da : "Alessandro Cosenza"
> <alessandro.cosenza@itkey.it> >>> A :
> users@jackrabbit.apache.org >>> Oggetto : Re: removing a
> node needs to verify a WRITE or a >>> REMOVE permission?
> >>> Data : Wed, 21 Jan 2009 16:13:01 +0100
> >>>
> >>>> i'm using 1.4
> >>>>
> >>>> ----- Original Message -----
> >>>> Da : Angela Schreiber <anchela@day.com>
> >>>> A : users@jackrabbit.apache.org
> >>>> Oggetto : Re: removing a node needs to verify a WRITE
> or a >>>> REMOVE permission?
> >>>> Data : Wed, 21 Jan 2009 16:11:02 +0100
> >>>>
> >>>> > hi
> >>>> >
> >>>> > what version of jackrabbit are you using?
> >>>> >
> >>>> > with the initial steps for jsr 283 security
> features >>>> > the AccessManager permissions have been
> deprecated. >>>> >
> >>>> > as far as i am aware of
> AccessManager.isGranted(ItemId, >>>> > int) is (with the
> latest version of jackrabbit) only >>>> > used for READ
> access and those are prone to be replaced >>>> > as well.
> >>>> >
> >>>> > angela
> >>>> >
> >>>> > > hi,
> >>>> > > when i call a Node.remove() method it seems JR
> always >>>> > > try to check
> >>>> > > a WRITE permission (not a REMOVE one) in my
> >>>> > > AccessManagerImpl.isGranted().
> >>>> > > i could think it's right, but in which cases a
> REMOVE >>>> > > permission is checked?
> >>>> > > thanks in advance.
> >>>> > >
> >>>> > >
> >>>> >
> >>>
> >>
> >
> >
> >
> ----------------------------------------------------------
> ---------------------- >
> >
> >
> > Nessun virus nel messaggio in arrivo.
> > Controllato da AVG - http://www.avg.com
> > Versione: 8.0.176 / Database dei virus: 270.10.10/1906 -
> >  Data di rilascio: 21/01/2009 7.07
> >
> >

Mime
View raw message