hi,
again... more questions ;-)
I do:
<mm:listnodes type="teams">
<mm:maydelete>
<mm:deletenode deleterelations="true" />
</mm:maydelete>
</mm:listnodes>To clean op my cloud a bit... :-)
However, if one of the nodes has an alias I get the exception:
org.mmbase.security.SecurityException: Operation 'delete' on 92 was NOT permitted to
admin
at
org.mmbase.security.implementation.context.ContextAuthorization.verify(ContextAuthorization.java:447)
at org.mmbase.bridge.implementation.BasicCloud.verify(BasicCloud.java:528)
at org.mmbase.bridge.implementation.BasicNode.edit(BasicNode.java:285)
at org.mmbase.bridge.implementation.BasicNode.delete(BasicNode.java:630)
at org.mmbase.bridge.implementation.BasicNode.delete(BasicNode.java:626)
at
org.mmbase.bridge.implementation.BasicNode.deleteAliases(BasicNode.java:1053)
at org.mmbase.bridge.implementation.BasicNode.delete(BasicNode.java:656)
at org.mmbase.bridge.jsp.taglib.edit.DeleteNodeTag.doEndTag(Unknown Source)
I've verified that node 494 is the alias to a team node and is owned by 'system', the node itself is owned by 'admin'. Both the alias and the node itself are still in place after this exception.
Two questions:
Why am I not permitted to delete node 494? I've created it! (but it somehow got to be owned by 'system')
Deletion of an alias to a node is a side effect of deleting the node -- should that also be checked in the mayDelete() code? (I did a maydelete check and still got an exception, I don't think it should work that way)
I don't know if it makes any difference what type of security you're using but I'm currently using context security.
... and while I'm at it: Shouldn't there also be maydelete check that takes the deletion of relations into account?
cheers,
Simon
