[ 
https://issues.apache.org/jira/browse/JCR-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15313947#comment-15313947
 ] 

Ahmad Shahwan commented on JCR-3492:
------------------------------------

Thanks Angela for your answer.

I finally resorted to a dirty hack. I ended up providing my own AccessManager 
in the repository config, that extends Jackrabbit's DefaultAccessManager 
overriding the method checkPermission(Path, int) to skip permissions check when 
permissions equal VERSION_MNGMT. It means that "jcr:versionManagement" is 
granted to everybody, if access rights were queried with only this permission.

For my needs it is fine. It is definitely not a general solution though, as it 
may introduce security flaws.

So far Jackrabbit has done a great job for our needs; migration to Oak is not 
considered as of now.

Regards,

> versionHistory.addVersionLabel() fails with AccessDeniedException even when 
> user has proper permission
> ------------------------------------------------------------------------------------------------------
>
>                 Key: JCR-3492
>                 URL: https://issues.apache.org/jira/browse/JCR-3492
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security, versioning
>    Affects Versions: 2.5.2
>            Reporter: Amit Gupta
>
> If a user does not have access to the version store node, the following 
> operation fails with access denied:
> versionHistory.addVersionLabel(version.getName(), label, true);
> 16.01.2013 12:23:44.740 WARN [0:0:0:0:0:0:0:1 [1358319224592] GET 
> /libs/dam/gui/content/assets/versioning/createversion.html HTTP/1.1] 
> com.adobe.granite.asset.core.impl.AssetVersionManagerImpl Failed to add 
> version label javax.jcr.AccessDeniedException: Access denied.
> at 
> org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:193)
> at 
> org.apache.jackrabbit.core.version.VersionHistoryImpl.checkVersionManagementPermission(VersionHistoryImpl.java:311)
> at 
> org.apache.jackrabbit.core.version.VersionHistoryImpl.addVersionLabel(VersionHistoryImpl.java:172)
> whereas the user has proper ACL on the node that is being versioned. Checkin 
> and checkout operations are successful; it is just the addVersionLabel that 
> fails.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
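
Added example, not part of the original message or of the Jackrabbit code base: a sketch of the kind of AccessManager override the comment describes, narrowed so the jcr:versionManagement check is skipped only for paths under /jcr:system/jcr:versionStorage and every skip is logged. The package and class names are hypothetical, and it is an assumption that the path checked by addVersionLabel lies under the version storage.

```java
package com.example.security; // hypothetical package name

import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;

import org.apache.jackrabbit.core.security.DefaultAccessManager;
import org.apache.jackrabbit.core.security.authorization.Permission;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical class: DefaultAccessManager with a narrowed, audited bypass. */
public class VersionLabelAccessManager extends DefaultAccessManager {

    private static final Logger log =
            LoggerFactory.getLogger(VersionLabelAccessManager.class);

    @Override
    public void checkPermission(Path absPath, int permissions)
            throws AccessDeniedException, RepositoryException {
        // Skip the check only when VERSION_MNGMT is the sole permission
        // requested AND the target is inside the version storage
        // (assumption: that is the path addVersionLabel checks).
        if (permissions == Permission.VERSION_MNGMT && isInVersionStorage(absPath)) {
            // Leave an audit trail so the widened grant stays observable.
            log.info("jcr:versionManagement check bypassed for {}", absPath);
            return;
        }
        // Every other request goes through the normal ACL evaluation.
        super.checkPermission(absPath, permissions);
    }

    /** True for absolute paths of the form /jcr:system/jcr:versionStorage/... */
    private static boolean isInVersionStorage(Path absPath) {
        if (!absPath.isAbsolute()) {
            return false;
        }
        Path.Element[] e = absPath.getElements(); // e[0] is the root element
        return e.length > 2
                && NameConstants.JCR_SYSTEM.equals(e[1].getName())
                && NameConstants.JCR_VERSIONSTORAGE.equals(e[2].getName());
    }
}
```

The class is selected through the class attribute of the AccessManager element in the Security section of repository.xml. Any session can still manage labels on any version history it can reach, so the log output is the only record of who relied on the bypass.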
