jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: AccessControll
Date Fri, 04 May 2012 09:26:44 GMT

> - Create user "someuser"
> - Create /agb:Templates/agb:TemplateRead and /agb:Templates/agb:TemplateAll
> nodes.
> - User "someuser" be able to delete&  modify agb:TemplateAll node.
> - User "someuser" be able to just read (not delete, not update)
> agb:TemplateRead node.
> I order to do that I create the bellow structure but with the bellow
> structure "someuser" is able to delete
> /agb:Templates/agb:TemplateRead/agb:DatatypeProperties,

really? if you only granted jcr:removeChildNodes on (any) parent node
and the effective permissions on 
/agb:Templates/agb:TemplateRead/agb:DatatypeProperties just was 'read' 
and 'removeChildNode',
the removal should fail upon save... if it doesn't this was a bug
that should be reported into jira including a regular test case
that illustrates the issue. can you test, what was the result of
JackrabbitAccessControlManager#getPrivilege(String, Set<Principal>)
using the admin session and Session#hasPermission(String, String[])
with your someone session for the given target path?

> this is a expected
> behavior due to the jcr:removeChildNodes added on /agb:Templates but is not

actually this isn't expected. see above.

kind regards

View raw message