AccessControll

Wed, 02 May 2012 15:21:46 -0700 

Hello

I have a issue that I can not find answer for here or in Jackrabbit
documentation, hope that any of you can help with it.

I am doing the following:

- admin  create "someuser"
- admin create the above node:
/templates/templateall[
        jcr:uuid: a9b629a4-d1dd-4ba3-a602-629e4ca1a7fd
        jcr:mixinTypes: mix:referenceable, rep:AccessControllable, 
        label: templateall
        jcr:primaryType: nt:unstructured
        /templates/templateall/rep:policy[
                jcr:primaryType: rep:ACL
                /templates/templateall/rep:policy/allow[
                        rep:privileges: jcr:all, 
                        rep:principalName: someuser
                        jcr:primaryType: rep:GrantACE

- someuser try to delete /templates/templateall node with the following
exception on save()

javax.jcr.AccessDeniedException: /templates/templateall: not allowed to
remove item
at
org.apache.jackrabbit.core.ItemSaveOperation.validateTransientItems(ItemSaveOperation.java:704)
        at
org.apache.jackrabbit.core.ItemSaveOperation.perform(ItemSaveOperation.java:216)
        at
org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
        at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91)
        at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:329)
        at
org.apache.jackrabbit.core.session.SessionSaveOperation.perform(SessionSaveOperation.java:64)
        at
org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
        at org.apache.jackrabbit.core.SessionImpl.perform(SessionImpl.java:361)
        at org.apache.jackrabbit.core.SessionImpl.save(SessionImpl.java:812)

- After, I try to delete /templates/templateall with admin user and the
delete is completed successfully.
- Then I try to do the same but I give user "someuser" jcr:all access to
node /templates instead of /templates/templateall, then "someuser" is able
to delete the /templates/templateall successfully

So my conclusion with the first structure example is: "someuser" can remove
any child of node /templates/templateall but not the node itself, is
necesary to provide jcr:removeChildNodes acess no /templates to be able to
do that.

Is my conclusion correct?

Thanks!!

--
View this message in context: 
http://jackrabbit.510166.n4.nabble.com/AccessControll-tp4604580.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Reply via email to