[jira] [Commented] (OAK-823) Missing validation for jcr:uuid property

Fri, 17 May 2013 05:03:19 -0700 

    [ 
https://issues.apache.org/jira/browse/OAK-823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13660656#comment-13660656
 ] 

Jukka Zitting commented on OAK-823:
-----------------------------------

bq. this will allow someone to modify the jcr:uuid property which not legal in 
JCR

A {{node.setProperty("jcr:uuid", "...")}} at the JCR level throws a 
{{ConstraintViolationException}} also after r1483721, which should be enough.

bq. IMO the problem were are actually having is that we see a modification of 
an existing property while in fact the original property was was removed and a 
new one was added.

The editor/validator mechanism doesn't see that distinction. It intentionally 
only sees the diff of what was there before and after a commit, so there's no 
way to distinguish between a property modification and a delete/add cycle like 
the one Alex outlined. The validator is a wrong place for enforcing constraints 
like this.
                
> Missing validation for jcr:uuid property
> ----------------------------------------
>
>                 Key: OAK-823
>                 URL: https://issues.apache.org/jira/browse/OAK-823
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>            Reporter: angela
>
> A jcr:uuid property (defined by mix:referenceable) is defined to be
> an autocreated/mandatory/protected property.
> Currently the commit hooks don't make sure that in this case 
> - the value is a valid UUID (propertyAdded)
> - nor does it assert that this property can never be modified 
> (propertyChanged)
> note however, that i might be removed in case the mixin type is removed or
> the primary type gets modified and there is no valid definition left for
> that property. since the type-validator must assert that the mandatory
> property exists (if the node is referenceable) there is not extra verification
> needed in the case of removal.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to