Hello Robert, I was surprised that it was required because removing a node and creating a new one doesn't require this permission, and my nodes don't have any mixins. But I've just added the permission to make it work.
Thank you, Guillaume On Thu, Apr 14, 2016 at 11:11 AM, Robert Munteanu <[email protected]> wrote: > Hi Guillaume, > > On Wed, 2016-04-13 at 17:52 +0200, Guillaume Lucazeau wrote: > > Hello, > > > > I have a user granted jcr:read and jcr:write privileges on a resource > > "parentNode". Under this resource, I have two nodes with type > > sling:Folder, > > and I've tried to move a node from one to the other. It fails with > > "javax.jcr.AccessDeniedException: Not allowed to move node", until I > > grant > > my user the privilege "rep:write" on the "parentNode" resource. > > > > I don't get why I have to do that, the Sling documentation doesn't > > even > > talk about "rep:write", which according to Adobe documentation is "a > > jackrabbit specific aggregate privilege of jcr:write > > and jcr:nodeTypeManagement". > > This is probably because jcr:nodeTypeManagement is required for > managing mixins on a node type and setting a new primary type, > including when creating new nodes. > > http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/P > rivilege.html#JCR_NODE_TYPE_MANAGEMENT > > I would guess that Session.move tries to set a node type for the > destination node and that's why you need jcr:nodeTypeManagement as > well. > > Robert > > > > > I thought the privileges jcr:modifyProperties jcr:addChildNodes > > jcr:removeNode jcr:removeChildNodes (aggregated in jcr:write) would > > be > > enough to move a node to another parent. I don't mind granting > > "rep:write" > > privilege to my user, but I would like to better understand why it's > > required. > > > > I'm using Sling 7. > > > > Thank you for your help. > > > > Best regards, > > Guillaume > >
