[
https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13922813#comment-13922813
]
Mike Müller commented on SLING-3435:
------------------------------------
It is correct that one needs to have READ permissions if he want's to get the
resource to update it. Because you can implement more than one
ResourceAccessGate it can be possible that one gate grants READ and the other
grants UPDATE rights.
Thank you for the new patch and the unit test. Would it be possible to also
create some integration tests to get a more deep testing coverage. I think as
we add now more and more of the initially projected functionality it is very
important to have more tests. Especially because its a security feature.
> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
> Key: SLING-3435
> URL: https://issues.apache.org/jira/browse/SLING-3435
> Project: Sling
> Issue Type: New Feature
> Components: ResourceResolver
> Reporter: Marius Petria
> Assignee: Mike Müller
> Attachments: SLING-3435.1.patch, SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in
> order to secure access to modifiable value maps.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
