jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arne v.Irmer" <Arne.vonIr...@tu-dortmund.de>
Subject Re: Losing rights while going throw a binding
Date Wed, 19 Jan 2011 16:00:45 GMT
Hi Angela,
thanks for your answer.
Am 18.01.2011 14:16, schrieb Angela Schreiber:
> hi arne
>
>> there is a strange effect with bindings:
>>
>> I have a node "/foo/bar" where the user x has read and write privileges.
>> Now I clone this node in the home folder of the user in lets say
>> "/home/x/bar".
>> In WebDAV I see the folder but even when I try to list /home/x I got the
>> following message
>>
>> 16:29:43,825 INFO [STDOUT] 16:29:43,824 WARN [DavResourceImpl] unable to
>> calculate parent set
>> javax.jcr.AccessDeniedException: cannot read item
>> 0299ef42-13ba-4107-b850-f93691710e7c
>>
>> In "/home/x/bar" x has the same rights as anonymous. In "/foo/bar" he
>> has his full access rights.
>
> and what about /home/x?
> as far as i know, the message indicates that not all entries of the 
> the DAV:parent-set could be accessed... i would guess that x is not 
> allowed
> to read the parent node at /home/x
I tested it with the webdav-client. The user has read access to /home/x 
and /foo.
>
>> How can I transfer the item number to a file path to know what file
>> causes the AccessDenieException?
>
> it's the node identifier... the warning could be nicer...
> btw: i'm not sure if the log output deserves a warning thought.
>
>> How can I easily see what access rights the node has? In WebDAV the
>> ACL-Information are not to be seen...
>
> not really...
Can I view the ACLs with the standalone-cli?
>
>> Do I have to set the access rights to the node, that I have cloned?
>
> not necessarily... it depends on your needs. in any case: for the
> calculation of the DAV:parent-set the current implementation reads
> the parent of the shared node. setting access rights to the shared
> node would not help... if read-access to the parent is denied.
But the user has read-access up to "/"

What can I do know?
Is there a way to get more informations about the access the user does?

Yours
  Arne

Mime
View raw message