[
https://issues.apache.org/jira/browse/SLING-416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12594142#action_12594142
]
Carsten Ziegeler commented on SLING-416:
----------------------------------------
Hi, this has been fixed in the SlingPostProcessor.
> Sling Post Processor should try to create nodes using longest path first
> ------------------------------------------------------------------------
>
> Key: SLING-416
> URL: https://issues.apache.org/jira/browse/SLING-416
> Project: Sling
> Issue Type: Bug
> Components: Post Servlets
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: 2.0.0
>
>
> The current deepGetOrCreateNode method implementation starts from the root
> node to get/create a complete path.
> Assuming that /tmp/a/b is passed into the method, first the root node, then
> tmp, followed by tmp/a and tmp/a/b is tried to get. Each time such a node is
> not available it is created.
> This approach has problems when it comes to ACLs; assuming that the current
> user has only read/write access to a sub tree, this algorithm fails as soon
> as the root node or the parent node is accessed. Example: user is allowed to
> read/write to /foo/bar but is neither allowed to read/write to /foo. In this
> case as soon as /foo is accessed the processing stops by an exception
> although the operation is completely legal.
> The algorithm has to be reverted by using longest path match first, like
> first checking if /tmp/a/b exists, if not if /tmp/a exists and so on. As soon
> as a node is found, the creation can start in the same order as currently.
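The two traversal orders described in the issue, as an added example that is not Sling's code and does not use the JCR API. `Repo`, `AccessDenied` and both function names are hypothetical, and access control is simplified to subtree grants where touching any node outside them raises.

```python
class AccessDenied(Exception):
    """Raised when the user touches a node outside the granted subtrees."""

class Repo:
    """Toy repository (assumption): existing paths plus granted subtree roots."""
    def __init__(self, nodes, granted):
        self.nodes = set(nodes)
        self.granted = tuple(granted)

    def _check(self, path):
        # A grant on /foo/bar covers /foo/bar and everything below it only.
        if not any((path + "/").startswith(g.rstrip("/") + "/") for g in self.granted):
            raise AccessDenied(path)

    def exists(self, path):
        self._check(path)
        return path in self.nodes

    def create(self, path):
        self._check(path)
        self.nodes.add(path)

def prefixes(path):
    """'/tmp/a/b' -> ['/', '/tmp', '/tmp/a', '/tmp/a/b']"""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def create_root_first(repo, path):
    # Old order: touches '/', then each ancestor, before reaching the target.
    for p in prefixes(path):
        if not repo.exists(p):
            repo.create(p)

def create_longest_first(repo, path):
    # New order: probe the full path, then shorter ones, until a node is found;
    # the root is assumed to exist and is never probed.
    chain = prefixes(path)
    i = len(chain) - 1
    while i > 0 and not repo.exists(chain[i]):
        i -= 1
    for p in chain[i + 1:]:  # create the missing tail, top-down as before
        repo.create(p)

if __name__ == "__main__":
    # Constructed sample: user may read/write /foo/bar but not /foo or '/'.
    repo = Repo({"/", "/foo", "/foo/bar"}, ["/foo/bar"])
    try:
        create_root_first(repo, "/foo/bar/x/y")
    except AccessDenied as e:
        print("root-first denied at", e)
    create_longest_first(repo, "/foo/bar/x/y")
    print(sorted(repo.nodes))
```

If the nearest existing ancestor lies outside the granted subtree, the longest-first walk still raises `AccessDenied`, which is the correct outcome because the user could not create the missing nodes there.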