[
https://issues.apache.org/jira/browse/JCR-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jukka Zitting updated JCR-1743:
-------------------------------
Attachment: JCR-1743-alternative.patch
Attached an alternative patch that tries to solve the backwards compatibility
issue by catching ItemNotFoundExceptions thrown by AccessManager
implementations that always expect the target item to exist. In such cases we
fall back to the previous behaviour of asking for WRITE permission on the
parent node.
> Session.checkPermission: add_node and set_property evaluation are not handled
> differently
> -----------------------------------------------------------------------------------------
>
> Key: JCR-1743
> URL: https://issues.apache.org/jira/browse/JCR-1743
> Project: Jackrabbit
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Affects Versions: core 1.4.5
> Reporter: Tobias Bocanegra
> Assignee: Jukka Zitting
> Fix For: core 1.4.6
>
> Attachments: JCR-1743-alternative.patch, JCR-1743.patch
>
>
> if the property does not exist yet, Session.checkPermission invokes an
> AccessManager.checkPermission(... WRITE) for both cases. i.e. the access
> manager has no means for handle a "add_node" differently from a
> "set_property"
> suggest to create a fake property id for the case where the property does not
> exist.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
