angela commented on OAK-6540:

[~rombert], IMHO it has nothing to do with the security component as the 
read-only status is not defined by means of security. What I would suggest 
though is to use {{Session.hasCapability}} for that matter... this is exactly 
what your are looking for from a JCR API point of view :-) See 

> Session.hasAccess(...) should reflect read-only status of mounts
> ----------------------------------------------------------------
>                 Key: OAK-6540
>                 URL: https://issues.apache.org/jira/browse/OAK-6540
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: composite, security
>            Reporter: Robert Munteanu
>             Fix For: 1.8, 1.7.6
> When a mount is set in read-only mode callers that check 
> {{Session.hasPermission("set_property", ...)}} or 
> {{Session.hasPermission("add_node", ...)}} for mounted paths will believe 
> that they are able to write under those paths. For a composite setup with a 
> read-only mount this should (IMO) reflect that callers are not able to write, 
> taking into account the mount information on top of the ACEs.
> [~anchela], [~stillalex] - WDYT?

This message was sent by Atlassian JIRA

Reply via email to