jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: ACL and Version Control
Date Wed, 27 Jul 2011 08:13:56 GMT
hi chad

> I suppose this could be a bug in the davex remoting stack, on the
> service side of the equation.

could be. can you provide a test case that allows me to reproduce the
problem? that would be helpful.

> Or is this expected by your understanding?

not really.

>> note however, that this only covers the execution. reading
>> version related content is controlled by regular read permissions.
>> one more thing to be aware of: version operations such as checkin
>> also require read-access to the corresponding part of the version
>> storage. this is rather cumbersome and covered by an jira issue [2]
> I'm not entirely sure that I understand this, and the referenced
> ticket.  Are you saying that successful version control operations,
> such as checkin, depend upon BOTH:
> 1) jcr:versionManagement on the node which will be versioned
> 2) read access to the entire version tree, i.e. /jcr:system/jcr:versionStorage

yes as a matter of fact since there is not reasonable way to restrict
the access on the versionstorage.

> I understand requirement one easily enough.  And I think I understand
> number two -- I'm using the Default . . . AccessManager,
> SecurityManager and LoginModule, and I'm using admin/admin.  I have
> attached no ACL's to anything in the system tree, so I would expect
> that my admin user has read permissions on the entire version tree.

yes. admin has all permissions everywhere.

> Actually, I would expect that my other users also have read access on
> that tree; perhaps I'm wrong here?

that obviously depends on the permission you set up.


View raw message