You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/03/30 16:57:53 UTC
[jira] [Updated] (OAK-2244) Content can be change by users that do
not own the lock
[ https://issues.apache.org/jira/browse/OAK-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated OAK-2244:
------------------------
Fix Version/s: (was: 1.2)
> Content can be change by users that do not own the lock
> -------------------------------------------------------
>
> Key: OAK-2244
> URL: https://issues.apache.org/jira/browse/OAK-2244
> Project: Jackrabbit Oak
> Issue Type: Sub-task
> Components: core, jcr
> Affects Versions: 1.0.6
> Reporter: Marius Petria
>
> I can create a lock on an item with "admin" but this does not prevent a different user from changing the content.
> {code}
> <jcr:content
> cq:lastModified="{Date}2010-07-28T15:21:21.213+01:00"
> cq:lastModifiedBy="author"
> cq:template="/apps/geometrixx/templates/contentpage"
> jcr:lockIsDeep="{Boolean}true"
> jcr:lockOwner="admin"
> jcr:mixinTypes="[mix:lockable]"
> jcr:primaryType="cq:PageContent"
> jcr:title="Dienstleistungen"
> sling:resourceType="geometrixx/components/contentpage"/>
> {code}
> {code}
> String path = "/content/geometrixx/de/company/jcr:content";
> Session authorSession = repository.login(new SimpleCredentials("author", "author".toCharArray()));
> Lock l= authorSession.getWorkspace().getLockManager().getLock(path);
> if (l.getLockOwner().equals("admin") && authorSession.getWorkspace().getLockManager().isLocked(path)) {
> Node node = authorSession.getNode(path);
> node.setProperty("bla", "bla");
> authorSession.save();
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)