[
http://jira.magnolia-cms.com/browse/MAGNOLIA-2674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22257#action_22257
]
Jan Haderka commented on MAGNOLIA-2674:
---------------------------------------
The main point here was inconsistency. We were already doing this in one
method, but not in the other.
I'm fine following unix perm scheme, as long as we change the piece of code
that tries to remove node data when setting it's value to empty string. This in
combination with unix perm scheme makes it impossible to set proper permissions
for a node in some situations.
> User permissions are not checked consistently when removing node data
> ---------------------------------------------------------------------
>
> Key: MAGNOLIA-2674
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2674
> Project: Magnolia
> Issue Type: Bug
> Components: core, security
> Affects Versions: 4.0.1, 3.6.5
> Reporter: Jan Haderka
> Assignee: Jan Haderka
> Priority: Critical
> Fix For: 3.6.x, 4.0.2, 4.1
>
>
> When removing node data using {{hm.getRoot().delete(String path)}} where
> {{path}} points to node data, the whole path is asserted when checking
> permissions as expected. However when removing very same node data using
> {{hm.getContent(String parentPath).deleteNodeData(String name)}} where
> {{parentPath + "/" + "name" == path}} the remove permission of the parent
> node is checked instead of remove permission of the node data.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
