On Wed, Jan 21, 2009 at 7:16 PM, Alessandro Cosenza
<[email protected]> wrote:
> so when i do node.remove( ) first WRITE is checked and then REMOVE???
> i tried to debug my application but i wasn't able to get a point where
> AccessManager.isGranted is called with
> AccessManager.REMOVE passed-in parameter.
take a look at the ItemImpl#validateTransientItems(Iterator,Iterator) method.
it is called by ItemImpl#save().
the following code is executed at the end of the validateTransientItems method:
<snippet>
// walk through list of removed transient items and check
REMOVE permission
while (removedIter.hasNext()) {
ItemState itemState = (ItemState) removedIter.next();
ItemId id = itemState.getId();
// check REMOVE permission
if (!accessMgr.isGranted(id, AccessManager.REMOVE)) {
String msg = itemMgr.safeGetJCRPath(id)
+ ": not allowed to remove item";
log.debug(msg);
throw new AccessDeniedException(msg);
}
}
</snippet>
cheers
stefan
>
> ----- Original Message ----- From: "Stefan Guggisberg"
> <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, January 21, 2009 6:04 PM
> Subject: Re: removing a node needs to verify a WRITE or a REMOVE permission?
>
>
>> On Wed, Jan 21, 2009 at 5:14 PM, Alessandro Cosenza
>> <[email protected]> wrote:
>>>
>>> so please does anyone can tell me in which cases REMOVE
>>> permissions are checked in JR 1.4.
>>> When i remove a node a WRITE permission is checked on parent
>>> node instead of a REMOVE one.
>>> why?
>>
>> in jackrabbit (and AFAIK in JCR in general) removing or adding a node
>> does modify
>> the parent node.
>>
>> in jackrabbit 1.4, removing a node does check WRITE on parent node and
>> subsequently
>> REMOVE on target.
>>
>> cheers
>> stefan
>>
>>>
>>> ----- Original Message -----
>>> Da : "Alessandro Cosenza" <[email protected]>
>>> A : [email protected]
>>> Oggetto : Re: removing a node needs to verify a WRITE or a
>>> REMOVE permission?
>>> Data : Wed, 21 Jan 2009 16:13:01 +0100
>>>
>>>> i'm using 1.4
>>>>
>>>> ----- Original Message -----
>>>> Da : Angela Schreiber <[email protected]>
>>>> A : [email protected]
>>>> Oggetto : Re: removing a node needs to verify a WRITE or a
>>>> REMOVE permission?
>>>> Data : Wed, 21 Jan 2009 16:11:02 +0100
>>>>
>>>> > hi
>>>> >
>>>> > what version of jackrabbit are you using?
>>>> >
>>>> > with the initial steps for jsr 283 security features
>>>> > the AccessManager permissions have been deprecated.
>>>> >
>>>> > as far as i am aware of AccessManager.isGranted(ItemId,
>>>> > int) is (with the latest version of jackrabbit) only
>>>> > used for READ access and those are prone to be replaced
>>>> > as well.
>>>> >
>>>> > angela
>>>> >
>>>> > > hi,
>>>> > > when i call a Node.remove() method it seems JR always
>>>> > > try to check
>>>> > > a WRITE permission (not a REMOVE one) in my
>>>> > > AccessManagerImpl.isGranted().
>>>> > > i could think it's right, but in which cases a REMOVE
>>>> > > permission is checked?
>>>> > > thanks in advance.
>>>> > >
>>>> > >
>>>> >
>>>
>>
>
>
> --------------------------------------------------------------------------------
>
>
>
> Nessun virus nel messaggio in arrivo.
> Controllato da AVG - http://www.avg.com
> Versione: 8.0.176 / Database dei virus: 270.10.10/1906 - Data di rilascio:
> 21/01/2009 7.07
>
>
