[ https://issues.apache.org/jira/browse/OAK-10334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17739102#comment-17739102 ]

Marcel Reutegger commented on OAK-10334:
----------------------------------------

Created draft PR with a test reproducing the issue: 
https://github.com/apache/jackrabbit-oak/pull/1011

> Node.addMixin() may overwrite existing mixins
> ---------------------------------------------
>
>                 Key: OAK-10334
>                 URL: https://issues.apache.org/jira/browse/OAK-10334
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: jcr
>            Reporter: Marcel Reutegger
>            Priority: Major
>
> A Session lacking permission to read property jcr:mixinTypes, but with permission
> to write, will overwrite existing mixins when calling Node.addMixin().
> The implementation does not check if the session has permission to read 
> jcr:mixinTypes and assumes there are no existing values when the session does 
> not have permission. The result is a jcr:mixinTypes property with only a 
> single value passed to addMixin().



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
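
Added example, not part of the Jira notification and not Oak's code: a minimal Java model of the pattern the issue describes, where a session that may write but not read jcr:mixinTypes sees no values and the write replaces the stored list. Class and method names are hypothetical, the mixin names are constructed sample values, and `addMixinPreserving` is one possible hardening (an assumption), not the fix from the PR.

```java
import java.util.*;

// Hypothetical model, not Oak code: one node's multi-valued jcr:mixinTypes
// property and a session that may write the property but not read it.
public class MixinOverwriteModel {
    static final String MIXINS = "jcr:mixinTypes";

    // Persisted node state, independent of any session's permissions.
    final Map<String, Set<String>> stored = new HashMap<>();
    final boolean canRead;   // session's read permission on jcr:mixinTypes
    final boolean canWrite;  // session's write permission on jcr:mixinTypes

    MixinOverwriteModel(boolean canRead, boolean canWrite, String... existing) {
        this.canRead = canRead;
        this.canWrite = canWrite;
        stored.put(MIXINS, new LinkedHashSet<>(Arrays.asList(existing)));
    }

    // What the session sees: an unreadable property looks like an absent one.
    Set<String> sessionView() {
        return canRead ? stored.get(MIXINS) : Collections.emptySet();
    }

    // Pattern from the report: "not readable" is treated as "no values",
    // so the write replaces the stored values with the single new mixin.
    void addMixinLossy(String mixin) {
        requireWrite();
        Set<String> merged = new LinkedHashSet<>(sessionView());
        merged.add(mixin);
        stored.put(MIXINS, merged);
    }

    // One possible hardening (assumption): merge against the persisted state
    // inside the implementation; nothing is returned to the caller.
    void addMixinPreserving(String mixin) {
        requireWrite();
        stored.get(MIXINS).add(mixin);
    }

    private void requireWrite() {
        if (!canWrite) throw new SecurityException("no write access to " + MIXINS);
    }

    public static void main(String[] args) {
        // Constructed sample data: two existing mixins, session can write but not read.
        MixinOverwriteModel lossy = new MixinOverwriteModel(false, true, "mix:versionable", "mix:lockable");
        lossy.addMixinLossy("mix:referenceable");
        System.out.println("lossy:      " + lossy.stored.get(MIXINS));
        MixinOverwriteModel safe = new MixinOverwriteModel(false, true, "mix:versionable", "mix:lockable");
        safe.addMixinPreserving("mix:referenceable");
        System.out.println("preserving: " + safe.stored.get(MIXINS));
    }
}
```

A regression test for this class of bug sets up the node with an administrative session, calls the write path from the restricted session, and asserts on the stored values as read back by the administrative session.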
