[jira] [Commented] (JCR-3492) versionHistory.addVersionLabel() fails with AccessDeniedException even when user has proper permission

[Amit Gupta (JIRA)]

    [ 
https://issues.apache.org/jira/browse/JCR-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13555884#comment-13555884
 ] 

Amit Gupta commented on JCR-3492:
---------------------------------

e.g. 
if there is node
/content/foo
and userA has following permissions on above node
jcr:versionManagement
jcr:lockManagement
rep:write
jcr:read

For this user, checkin and checkout calls are successful, but it fails while 
adding version label.

If I add permission to jcr:system version store for userA, then addVersionLabel 
call also succeed. That can be used as a workaround, but it should not be 
needed, version store is an implementation details, and user should not need to 
know about that.
                
> versionHistory.addVersionLabel() fails with AccessDeniedException even when 
> user has proper permission
> ------------------------------------------------------------------------------------------------------
>
>                 Key: JCR-3492
>                 URL: https://issues.apache.org/jira/browse/JCR-3492
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>    Affects Versions: 2.5.2
>            Reporter: Amit Gupta
>            Priority: Critical
>
> If a user does not have access to version store node and following operation 
> fails with access denied
> versionHistory.addVersionLabel(version.getName(), label, true);
> 16.01.2013 12:23:44.740 WARN [0:0:0:0:0:0:0:1 [1358319224592] GET 
> /libs/dam/gui/content/assets/versioning/createversion.html HTTP/1.1] 
> com.adobe.granite.asset.core.impl.AssetVersionManagerImpl Failed to add 
> version label javax.jcr.AccessDeniedException: Access denied.
> at 
> org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:193)
> at 
> org.apache.jackrabbit.core.version.VersionHistoryImpl.checkVersionManagementPermission(VersionHistoryImpl.java:311)
> at 
> org.apache.jackrabbit.core.version.VersionHistoryImpl.addVersionLabel(VersionHistoryImpl.java:172)
> whereas the user have proper acl on the node that is being versioned. checkin 
> and checkout operations are successful, it is just the addVersionlabel that 
> fails.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira