anchela commented on code in PR #1011:
URL: https://github.com/apache/jackrabbit-oak/pull/1011#discussion_r1276572235
##########
oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java:
##########
@@ -1015,6 +1015,9 @@ public void checkPreconditions() throws
RepositoryException {
throw new VersionException(format(
"Cannot add mixin type. Node [%s] is checked in.",
getNodePath()));
}
+ // OAK-10334: adding mixin requires permission to read
existing mixin types
+ PropertyState prop =
PropertyStates.createProperty(JCR_MIXINTYPES, singleton(oakTypeName), NAMES);
+
sessionContext.getAccessManager().checkPermissions(dlg.getTree(), prop,
Permissions.READ_PROPERTY);
Review Comment:
@stefan-egli , what i meant was: if the mixin property is not readable to
the current session we could obtain the existing values from the
read-only-tree. this would prevent the overwrite issue.
> if we went the getReadOnlyTree way, then this wouldn't be needed
not sure i get that.... but what i intended to suggest is to also keep
Node.canAddMixin in mind and make sure the 2 methods are consistent. hope that
helps.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
