hi
- Create user "someuser"
- Create /agb:Templates/agb:TemplateRead and /agb:Templates/agb:TemplateAll
nodes.
- User "someuser" be able to delete& modify agb:TemplateAll node.
- User "someuser" be able to just read (not delete, not update)
agb:TemplateRead node.
I order to do that I create the bellow structure but with the bellow
structure "someuser" is able to delete
/agb:Templates/agb:TemplateRead/agb:DatatypeProperties,
really? if you only granted jcr:removeChildNodes on (any) parent node
and the effective permissions on
/agb:Templates/agb:TemplateRead/agb:DatatypeProperties just was 'read'
and 'removeChildNode',
the removal should fail upon save... if it doesn't this was a bug
that should be reported into jira including a regular test case
that illustrates the issue. can you test, what was the result of
JackrabbitAccessControlManager#getPrivilege(String, Set<Principal>)
using the admin session and Session#hasPermission(String, String[])
with your someone session for the given target path?
this is a expected
behavior due to the jcr:removeChildNodes added on /agb:Templates but is not
actually this isn't expected. see above.
kind regards
angela
