jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Guggisberg <stefan.guggisb...@gmail.com>
Subject Re: removing a node needs to verify a WRITE or a REMOVE permission?
Date Thu, 22 Jan 2009 08:52:15 GMT
On Wed, Jan 21, 2009 at 7:16 PM, Alessandro Cosenza
<alessandro.cosenza@itkey.it> wrote:
> so when i do node.remove( ) first WRITE is checked and then REMOVE???
> i tried to debug my application but i wasn't able to get a point where
> AccessManager.isGranted is called with
> AccessManager.REMOVE passed-in parameter.

take a look at the ItemImpl#validateTransientItems(Iterator,Iterator) method.
it is called by ItemImpl#save().

the following code is executed at the end of the validateTransientItems method:

<snippet>
        // walk through list of removed transient items and check
REMOVE permission
        while (removedIter.hasNext()) {
            ItemState itemState = (ItemState) removedIter.next();
            ItemId id = itemState.getId();
            // check REMOVE permission
            if (!accessMgr.isGranted(id, AccessManager.REMOVE)) {
                String msg = itemMgr.safeGetJCRPath(id)
                        + ": not allowed to remove item";
                log.debug(msg);
                throw new AccessDeniedException(msg);
            }
        }
</snippet>

cheers
stefan

>
> ----- Original Message ----- From: "Stefan Guggisberg"
> <stefan.guggisberg@gmail.com>
> To: <users@jackrabbit.apache.org>
> Sent: Wednesday, January 21, 2009 6:04 PM
> Subject: Re: removing a node needs to verify a WRITE or a REMOVE permission?
>
>
>> On Wed, Jan 21, 2009 at 5:14 PM, Alessandro Cosenza
>> <alessandro.cosenza@itkey.it> wrote:
>>>
>>> so please does anyone can tell me in which cases REMOVE
>>> permissions are checked in JR 1.4.
>>> When i remove a node a WRITE permission is checked on parent
>>> node instead of a REMOVE one.
>>> why?
>>
>> in jackrabbit (and AFAIK in JCR in general) removing or adding a node
>> does modify
>> the parent node.
>>
>> in jackrabbit 1.4, removing a node does check WRITE on parent node and
>> subsequently
>> REMOVE on target.
>>
>> cheers
>> stefan
>>
>>>
>>> ----- Original Message -----
>>> Da : "Alessandro Cosenza" <alessandro.cosenza@itkey.it>
>>> A : users@jackrabbit.apache.org
>>> Oggetto : Re: removing a node needs to verify a WRITE or a
>>> REMOVE permission?
>>> Data : Wed, 21 Jan 2009 16:13:01 +0100
>>>
>>>> i'm using 1.4
>>>>
>>>> ----- Original Message -----
>>>> Da : Angela Schreiber <anchela@day.com>
>>>> A : users@jackrabbit.apache.org
>>>> Oggetto : Re: removing a node needs to verify a WRITE or a
>>>> REMOVE permission?
>>>> Data : Wed, 21 Jan 2009 16:11:02 +0100
>>>>
>>>> > hi
>>>> >
>>>> > what version of jackrabbit are you using?
>>>> >
>>>> > with the initial steps for jsr 283 security features
>>>> > the AccessManager permissions have been deprecated.
>>>> >
>>>> > as far as i am aware of AccessManager.isGranted(ItemId,
>>>> > int) is (with the latest version of jackrabbit) only
>>>> > used for READ access and those are prone to be replaced
>>>> > as well.
>>>> >
>>>> > angela
>>>> >
>>>> > > hi,
>>>> > > when i call a Node.remove() method it seems JR always
>>>> > > try to check
>>>> > > a WRITE permission (not a REMOVE one) in my
>>>> > > AccessManagerImpl.isGranted().
>>>> > > i could think it's right, but in which cases a REMOVE
>>>> > > permission is checked?
>>>> > > thanks in advance.
>>>> > >
>>>> > >
>>>> >
>>>
>>
>
>
> --------------------------------------------------------------------------------
>
>
>
> Nessun virus nel messaggio in arrivo.
> Controllato da AVG - http://www.avg.com
> Versione: 8.0.176 / Database dei virus: 270.10.10/1906 -  Data di rilascio:
> 21/01/2009 7.07
>
>

Mime
View raw message