jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ABAM <insti...@hotmail.com>
Subject AccessControll
Date Wed, 02 May 2012 22:18:47 GMT
Hello

I have a issue that I can not find answer for here or in Jackrabbit
documentation, hope that any of you can help with it.

I am doing the following:

- admin  create "someuser"
- admin create the above node:
/templates/templateall[
	jcr:uuid: a9b629a4-d1dd-4ba3-a602-629e4ca1a7fd
	jcr:mixinTypes: mix:referenceable, rep:AccessControllable, 
	label: templateall
	jcr:primaryType: nt:unstructured
	/templates/templateall/rep:policy[
		jcr:primaryType: rep:ACL
		/templates/templateall/rep:policy/allow[
			rep:privileges: jcr:all, 
			rep:principalName: someuser
			jcr:primaryType: rep:GrantACE

- someuser try to delete /templates/templateall node with the following
exception on save()

javax.jcr.AccessDeniedException: /templates/templateall: not allowed to
remove item
at
org.apache.jackrabbit.core.ItemSaveOperation.validateTransientItems(ItemSaveOperation.java:704)
	at
org.apache.jackrabbit.core.ItemSaveOperation.perform(ItemSaveOperation.java:216)
	at
org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
	at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91)
	at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:329)
	at
org.apache.jackrabbit.core.session.SessionSaveOperation.perform(SessionSaveOperation.java:64)
	at
org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
	at org.apache.jackrabbit.core.SessionImpl.perform(SessionImpl.java:361)
	at org.apache.jackrabbit.core.SessionImpl.save(SessionImpl.java:812)

- After, I try to delete /templates/templateall with admin user and the
delete is completed successfully.
- Then I try to do the same but I give user "someuser" jcr:all access to
node /templates instead of /templates/templateall, then "someuser" is able
to delete the /templates/templateall successfully

So my conclusion with the first structure example is: "someuser" can remove
any child of node /templates/templateall but not the node itself, is
necesary to provide jcr:removeChildNodes acess no /templates to be able to
do that.

Is my conclusion correct?

Thanks!!

--
View this message in context: http://jackrabbit.510166.n4.nabble.com/AccessControll-tp4604580.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Mime
View raw message