RE: svn commit: r1021901 - /sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp

Tue, 12 Oct 2010 13:54:13 -0700 

session.checkPermission does not return anything, it throws a 
java.security.AccessControlException if there's not permission
for the given action or a RepositoryException if something else
goes wrong. But you're right, that JCR does not throw the expected
AccessControlException on the root node. It seems to me also 
rather a bug of jackrabbit...

best regards
mike

> Does this mean that session.checkPermission("/", "remove") can return
> true? If so, that seems like the real bug because you can't remove the
> root node.
> 
> Justin
> 
> On 10/12/10 3:53 PM, [email protected] wrote:
> > Author: mykee
> > Date: Tue Oct 12 19:53:17 2010
> > New Revision: 1021901
> >
> > URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
> > Log:
> > SLING-1818 [explorer] Should not be prompted to delete the root node
> >
> > Modified:
> >
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp
> >
> > Modified:
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp
> > URL:
> http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/
> main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&
> r1=1021900&r2=1021901&view=diff
> >
> ==========================================================
> ====================
> > ---
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp (original)
> > +++
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp Tue Oct 12 19:53:17 2010
> > @@ -51,15 +51,21 @@
> >        try {
> >        if ( session ) {
> >            session.checkPermission(path, "remove");
> > +          if (path != '/')
> > +          {
> >            %>
> >              <form class="deleteNote" action="<%= path %>" method="post">
> >                  <input name=":operation" type="hidden" value="delete">
> >                  <input name=":redirect" type="hidden"
> value="<%=request.getContextPath()%><%=
> Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource)
> %>.explorer.html">
> >                  <input type="submit" class="button" value="delete this 
> > node">
> >              </form>
> > -            <div class="clear"></div>
> > -        </div>
> > +        </div>
> >  <%
> > +     }
> > +     %>
> > +     <div class="clear"></div>
> > +
> > +     <%
> >            }
> >        } catch ( e ) {
> >            // don't care
> >
> >

Reply via email to