You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Roman Puchkovskiy <ro...@blandware.com> on 2008/05/17 17:50:58 UTC
REMOVE access is not ckecked when moving a node
Hi.
When a node is moved using session.move(), should REMOVE access be checked?
It seems that it's not checked.
When a node cannot be removed because AccessManager does not allow this, it
still can be moved.
Here's a test:
public void testMoveNode() throws Exception {
Node root = session.getRootNode();
Node nodeToMove = root.addNode("nodeToMove");
session.save();
session.move(nodeToMove.getPath(), "/someNewPath");
try {
session.save();
fail("Move should not be successful!");
} catch (AccessDeniedException e) {
// expected
}
}
While AccessManager's isGranted() method is:
public boolean isGranted(ItemId id, int permissions)
throws ItemNotFoundException, RepositoryException {
// don't allow to remove any items
if ((permissions & REMOVE) == REMOVE) {
return false;
}
return true;
}
For comparison: following test passes (it removes a node instead of moving):
public void testDeleteNode() throws Exception {
Node root = session.getRootNode();
Node nodeToDelete = root.addNode("nodeToDelete");
session.save();
nodeToDelete.remove();
try {
session.save();
fail("Removal should not be successful!");
} catch (AccessDeniedException e) {
// expected
}
}
Maven project with tests is here:
http://rpuch.narod.ru/test-remove-access.zip
--
View this message in context: http://www.nabble.com/REMOVE-access-is-not-ckecked-when-moving-a-node-tp17293191p17293191.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
Re: REMOVE access is not ckecked when moving a node
Posted by Stefan Guggisberg <st...@day.com>.
On Mon, May 19, 2008 at 4:36 PM, Stefan Guggisberg
<st...@day.com> wrote:
> hi roman
>
> On Sat, May 17, 2008 at 5:50 PM, Roman Puchkovskiy
> <ro...@blandware.com> wrote:
>>
>> Hi.
>>
>> When a node is moved using session.move(), should REMOVE access be checked?
>> It seems that it's not checked.
>> When a node cannot be removed because AccessManager does not allow this, it
>> still can be moved.
>
> that's a bug. could you please file a jira issue?
BTW: Workspace#move does work as expected, i.e. REMOVE access is checked.
cheers
stefan
>
> thanks!
> stefan
>
>>
>> Here's a test:
>>
>> public void testMoveNode() throws Exception {
>> Node root = session.getRootNode();
>> Node nodeToMove = root.addNode("nodeToMove");
>> session.save();
>> session.move(nodeToMove.getPath(), "/someNewPath");
>> try {
>> session.save();
>> fail("Move should not be successful!");
>> } catch (AccessDeniedException e) {
>> // expected
>> }
>> }
>>
>> While AccessManager's isGranted() method is:
>>
>> public boolean isGranted(ItemId id, int permissions)
>> throws ItemNotFoundException, RepositoryException {
>> // don't allow to remove any items
>> if ((permissions & REMOVE) == REMOVE) {
>> return false;
>> }
>> return true;
>> }
>>
>> For comparison: following test passes (it removes a node instead of moving):
>>
>> public void testDeleteNode() throws Exception {
>> Node root = session.getRootNode();
>> Node nodeToDelete = root.addNode("nodeToDelete");
>> session.save();
>> nodeToDelete.remove();
>> try {
>> session.save();
>> fail("Removal should not be successful!");
>> } catch (AccessDeniedException e) {
>> // expected
>> }
>> }
>>
>> Maven project with tests is here:
>> http://rpuch.narod.ru/test-remove-access.zip
>> --
>> View this message in context: http://www.nabble.com/REMOVE-access-is-not-ckecked-when-moving-a-node-tp17293191p17293191.html
>> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>>
>>
>
Re: REMOVE access is not ckecked when moving a node
Posted by Roman Puchkovskiy <ro...@blandware.com>.
Stefan Guggisberg-2 wrote:
>
> that's a bug. could you please file a jira issue?
>
Filed an issue: https://issues.apache.org/jira/browse/JCR-1613
--
View this message in context: http://www.nabble.com/REMOVE-access-is-not-ckecked-when-moving-a-node-tp17293191p17324398.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
Re: REMOVE access is not ckecked when moving a node
Posted by Stefan Guggisberg <st...@day.com>.
hi roman
On Sat, May 17, 2008 at 5:50 PM, Roman Puchkovskiy
<ro...@blandware.com> wrote:
>
> Hi.
>
> When a node is moved using session.move(), should REMOVE access be checked?
> It seems that it's not checked.
> When a node cannot be removed because AccessManager does not allow this, it
> still can be moved.
that's a bug. could you please file a jira issue?
thanks!
stefan
>
> Here's a test:
>
> public void testMoveNode() throws Exception {
> Node root = session.getRootNode();
> Node nodeToMove = root.addNode("nodeToMove");
> session.save();
> session.move(nodeToMove.getPath(), "/someNewPath");
> try {
> session.save();
> fail("Move should not be successful!");
> } catch (AccessDeniedException e) {
> // expected
> }
> }
>
> While AccessManager's isGranted() method is:
>
> public boolean isGranted(ItemId id, int permissions)
> throws ItemNotFoundException, RepositoryException {
> // don't allow to remove any items
> if ((permissions & REMOVE) == REMOVE) {
> return false;
> }
> return true;
> }
>
> For comparison: following test passes (it removes a node instead of moving):
>
> public void testDeleteNode() throws Exception {
> Node root = session.getRootNode();
> Node nodeToDelete = root.addNode("nodeToDelete");
> session.save();
> nodeToDelete.remove();
> try {
> session.save();
> fail("Removal should not be successful!");
> } catch (AccessDeniedException e) {
> // expected
> }
> }
>
> Maven project with tests is here:
> http://rpuch.narod.ru/test-remove-access.zip
> --
> View this message in context: http://www.nabble.com/REMOVE-access-is-not-ckecked-when-moving-a-node-tp17293191p17293191.html
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>
>