You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by my...@apache.org on 2010/10/12 21:53:17 UTC

svn commit: r1021901 - /sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp

Author: mykee
Date: Tue Oct 12 19:53:17 2010
New Revision: 1021901

URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
Log:
SLING-1818 [explorer] Should not be prompted to delete the root node

Modified:
    sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp

Modified: sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&r1=1021900&r2=1021901&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp (original)
+++ sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp Tue Oct 12 19:53:17 2010
@@ -51,15 +51,21 @@
       try {
       if ( session ) {
           session.checkPermission(path, "remove");
+          if (path != '/')
+          {
           %>
             <form class="deleteNote" action="<%= path %>" method="post">
                 <input name=":operation" type="hidden" value="delete"> 
                 <input name=":redirect" type="hidden" value="<%=request.getContextPath()%><%= Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource) %>.explorer.html"> 
                 <input type="submit" class="button" value="delete this node">
             </form>
-            <div class="clear"></div>
-        </div>      
+        </div>
 <%
+	  }
+	  %>
+	  <div class="clear"></div>
+
+	  <%
           }
       } catch ( e ) {
           // don't care

RE: svn commit: r1021901 - /sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp

Posted by Mike Müller <mi...@mysign.ch>.

session.checkPermission does not return anything, it throws a 
java.security.AccessControlException if there's not permission
for the given action or a RepositoryException if something else
goes wrong. But you're right, that JCR does not throw the expected
AccessControlException on the root node. It seems to me also 
rather a bug of jackrabbit...

best regards
mike

> Does this mean that session.checkPermission("/", "remove") can return
> true? If so, that seems like the real bug because you can't remove the
> root node.
> 
> Justin
> 
> On 10/12/10 3:53 PM, mykee@apache.org wrote:
> > Author: mykee
> > Date: Tue Oct 12 19:53:17 2010
> > New Revision: 1021901
> >
> > URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
> > Log:
> > SLING-1818 [explorer] Should not be prompted to delete the root node
> >
> > Modified:
> >
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp
> >
> > Modified:
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp
> > URL:
> http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/
> main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&
> r1=1021900&r2=1021901&view=diff
> >
> ==========================================================
> ====================
> > ---
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp (original)
> > +++
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp Tue Oct 12 19:53:17 2010
> > @@ -51,15 +51,21 @@
> >        try {
> >        if ( session ) {
> >            session.checkPermission(path, "remove");
> > +          if (path != '/')
> > +          {
> >            %>
> >              <form class="deleteNote" action="<%= path %>" method="post">
> >                  <input name=":operation" type="hidden" value="delete">
> >                  <input name=":redirect" type="hidden"
> value="<%=request.getContextPath()%><%=
> Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource)
> %>.explorer.html">
> >                  <input type="submit" class="button" value="delete this node">
> >              </form>
> > -            <div class="clear"></div>
> > -        </div>
> > +        </div>
> >  <%
> > +	  }
> > +	  %>
> > +	  <div class="clear"></div>
> > +
> > +	  <%
> >            }
> >        } catch ( e ) {
> >            // don't care
> >
> >

Re: svn commit: r1021901 - /sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp

Posted by Justin Edelson <ju...@gmail.com>.

Does this mean that session.checkPermission("/", "remove") can return
true? If so, that seems like the real bug because you can't remove the
root node.

Justin

On 10/12/10 3:53 PM, mykee@apache.org wrote:
> Author: mykee
> Date: Tue Oct 12 19:53:17 2010
> New Revision: 1021901
> 
> URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
> Log:
> SLING-1818 [explorer] Should not be prompted to delete the root node
> 
> Modified:
>     sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
> 
> Modified: sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
> URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&r1=1021900&r2=1021901&view=diff
> ==============================================================================
> --- sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp (original)
> +++ sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp Tue Oct 12 19:53:17 2010
> @@ -51,15 +51,21 @@
>        try {
>        if ( session ) {
>            session.checkPermission(path, "remove");
> +          if (path != '/')
> +          {
>            %>
>              <form class="deleteNote" action="<%= path %>" method="post">
>                  <input name=":operation" type="hidden" value="delete"> 
>                  <input name=":redirect" type="hidden" value="<%=request.getContextPath()%><%= Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource) %>.explorer.html"> 
>                  <input type="submit" class="button" value="delete this node">
>              </form>
> -            <div class="clear"></div>
> -        </div>      
> +        </div>
>  <%
> +	  }
> +	  %>
> +	  <div class="clear"></div>
> +
> +	  <%
>            }
>        } catch ( e ) {
>            // don't care
> 
>