You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2013/05/15 15:43:15 UTC

[jira] [Comment Edited] (OAK-796) PermissionValidator: proper check for jcr:uuid modifications.

    [ https://issues.apache.org/jira/browse/OAK-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13658293#comment-13658293 ] 

angela edited comment on OAK-796 at 5/15/13 1:42 PM:
-----------------------------------------------------

the permission check is omitted if a jcr:uuid property is located underneath a referenceable node
in which case it's IMHO fine to assume that this is the autocreated/mandatory/protected property
defined by mix:referenceable. the validity of the specified value is/needs to be enforced by
other validators (valid uuid, single valued property, type STRING, uniqueness) that are outside
of the scope of the permission validator.

however, if a jcr:uuid property is present which is defined by another node type (though not
sensible or recommended it is currently possible to create a jcr:uuid property underneath a tree of
type nt:unstructured) the default permissions (ADD_PROPERTY, MODIFY_PROPERTY, REMOVE_PROPERTY)
will be checked. in case we come to the conclusion that the latter was no longer valid in
OAK, the corresponding validation should go into the TypeEditor or some other uuid-specific validator). 
see also JCR-2779 for a similar discussion in jackrabbit core. 
                
      was (Author: anchela):
    the permission check is omitted if a jcr:uuid property is located underneath a referenceable node.
otherwise the default permissions are being checked.
                  
> PermissionValidator: proper check for jcr:uuid modifications.
> -------------------------------------------------------------
>
>                 Key: OAK-796
>                 URL: https://issues.apache.org/jira/browse/OAK-796
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: core
>            Reporter: angela
>
> at rev 1475688 i tmp. disabled the permission check for the jcr:uuid
> property, which is autocreated by the system without having a
> JCR API call to set it.
> see also OAK-711 for a related issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira