[
https://issues.apache.org/jira/browse/JCR-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15312280#comment-15312280
]
Ahmad SHAHWAN commented on JCR-3492:
------------------------------------
I hit this problem today.
Since there is no solution in sight, and patching it myself seems to be more
error prone than anything else, I decided to go for the workaround.
Alas, the workaround doesn't seem to really work for me.
I wanted to granting (everyone) the privilege jcr:versionManagement on
/jcr:system/jcr:versionStorage/. However, iterating existing access control
policies at that path gives only one policy of type
org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList,
immutable.
Applicable policies, obtained through
AccessControlManager.getApplicablePolicies("/jcr:system/jcr:versionStorage"),
gave no other options neither.
Using "/jcr:system" as the path instead of "/jcr:system/jcr:versionStorage"
proved no better.
It seems as if one cannot change access right at /jcr:system.
This is a real issue as it renders version labelling as defined by the JCR
specs inaccessible.
Will this issue still be considered in the near future? Any other suggestions
for workaround will be greatly appreciated.
I user org.apache.jackrabbit.core.security.authorization.acl.ACLProvider as an
access control provider.
Bests,
> versionHistory.addVersionLabel() fails with AccessDeniedException even when
> user has proper permission
> ------------------------------------------------------------------------------------------------------
>
> Key: JCR-3492
> URL: https://issues.apache.org/jira/browse/JCR-3492
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security, versioning
> Affects Versions: 2.5.2
> Reporter: Amit Gupta
>
> If a user does not have access to version store node and following operation
> fails with access denied
> versionHistory.addVersionLabel(version.getName(), label, true);
> 16.01.2013 12:23:44.740 WARN [0:0:0:0:0:0:0:1 [1358319224592] GET
> /libs/dam/gui/content/assets/versioning/createversion.html HTTP/1.1]
> com.adobe.granite.asset.core.impl.AssetVersionManagerImpl Failed to add
> version label javax.jcr.AccessDeniedException: Access denied.
> at
> org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:193)
> at
> org.apache.jackrabbit.core.version.VersionHistoryImpl.checkVersionManagementPermission(VersionHistoryImpl.java:311)
> at
> org.apache.jackrabbit.core.version.VersionHistoryImpl.addVersionLabel(VersionHistoryImpl.java:172)
> whereas the user have proper acl on the node that is being versioned. checkin
> and checkout operations are successful, it is just the addVersionlabel that
> fails.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
