[
https://issues.apache.org/jira/browse/SLING-897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12901182#action_12901182
]
Eric Norman commented on SLING-897:
-----------------------------------
These steps can be used to verify the privileges needed to modify a property:

1. Create user as admin (OK)
   curl -F:name=myuser -Fpwd=password -FpwdConfirm=password http://admin:ad...@localhost:8080/system/userManager/user.create.html

2. Create node as admin (OK)
   curl -F:name=node -FpropOne=propOneValue1 -FpropOne=propOneValue2 http://admin:ad...@localhost:8080/test/

3. Attempt to update property of node as myuser (500: javax.jcr.AccessDeniedException: /test/node/propOne: not allowed to add or modify item)
   curl -FpropOne=propOneValueChanged http://myuser:passw...@localhost:8080/test/node

4. Grant jcr:modifyProperties rights to myuser as admin (OK)
   curl -FprincipalId=myuser -fprivil...@jcr:modifyProperties=granted http://admin:ad...@localhost:8080/test/node.modifyAce.html

5. Attempt to update properties of node (OK)
   curl -FpropOne=propOneValueChanged http://myuser:passw...@localhost:8080/test/node

> Updating a property fires the wrong JCR events
> ----------------------------------------------
>
> Key: SLING-897
> URL: https://issues.apache.org/jira/browse/SLING-897
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Post 2.0.2
> Reporter: christian
> Assignee: Eric Norman
> Priority: Minor
>
> If you set a single-value Property with a POST handled by the PostServlet,
> the related property is removed first and then the value is set.
> While the effect is the desired change of the Property's value, it has
> side-effects.
> At least the connected session has to have remove-privilege to set the
> property.
> Eventing may be unexpected, and others may result.
> Example:
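> String path = "/content/node1";
> String pName = "property1";
> // Session.getItem() takes the absolute path of the node
> Node node = (Node) session.getItem(path);
> try {
>     // Throws AccessControlException if "set_property" is not permitted
>     session.checkPermission(path + "/" + pName, "set_property");
>     // == allowed
> } catch (AccessControlException e) {
> }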
> But
> POST "/content/node1"
> property1=test
> => AccessDenied
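
An added example, not part of the original message or of Sling's code: a JCR 2.0 probe that reports which actions a session holds on a property, updates it with a single setProperty call, and records the property events an observer receives. The class and method names are hypothetical, and the caller is assumed to supply live sessions on the repository under test.

```java
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.observation.Event;
import javax.jcr.observation.EventIterator;
import javax.jcr.observation.EventListener;

// Added example; class and method names are hypothetical, not Sling API.
public final class PropertyUpdateProbe {
    /** Collects the type of each property event delivered to it. */
    public static final class Recorder implements EventListener {
        public final List<String> seen = new CopyOnWriteArrayList<>();
        @Override
        public void onEvent(EventIterator events) {
            while (events.hasNext()) {
                seen.add(label(events.nextEvent().getType()));
            }
        }
    }
    static String label(int type) {
        switch (type) {
            case Event.PROPERTY_ADDED:   return "PROPERTY_ADDED";
            case Event.PROPERTY_CHANGED: return "PROPERTY_CHANGED";
            case Event.PROPERTY_REMOVED: return "PROPERTY_REMOVED";
            default:                     return "OTHER(" + type + ")";
        }
    }

    /** Registers a recorder for property events on nodePath itself (not deep). */
    public static Recorder watch(Session observer, String nodePath) throws RepositoryException {
        Recorder r = new Recorder();
        int types = Event.PROPERTY_ADDED | Event.PROPERTY_CHANGED | Event.PROPERTY_REMOVED;
        observer.getWorkspace().getObservationManager()
                .addEventListener(r, types, nodePath, false, null, null, false);
        return r;
    }

    /** Reports the JCR actions held on the property, then updates it in place. */
    public static String updateInPlace(Session user, String nodePath, String name, String value)
            throws RepositoryException {
        String propPath = nodePath + "/" + name;
        String report = "set_property=" + user.hasPermission(propPath, Session.ACTION_SET_PROPERTY)
                + " remove=" + user.hasPermission(propPath, Session.ACTION_REMOVE);
        user.getNode(nodePath).setProperty(name, value); // single call, no prior remove()
        user.save();
        return report;
    }
}
```

Register the recorder from a session with read access before calling updateInPlace; observation events can arrive asynchronously, so inspect `seen` after a short wait.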