You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by my...@apache.org on 2010/10/12 21:53:17 UTC
svn commit: r1021901 -
/sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
Author: mykee
Date: Tue Oct 12 19:53:17 2010
New Revision: 1021901
URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
Log:
SLING-1818 [explorer] Should not be prompted to delete the root node
Modified:
sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
Modified: sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&r1=1021900&r2=1021901&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp (original)
+++ sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp Tue Oct 12 19:53:17 2010
@@ -51,15 +51,21 @@
try {
if ( session ) {
session.checkPermission(path, "remove");
+ if (path != '/')
+ {
%>
<form class="deleteNote" action="<%= path %>" method="post">
<input name=":operation" type="hidden" value="delete">
<input name=":redirect" type="hidden" value="<%=request.getContextPath()%><%= Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource) %>.explorer.html">
<input type="submit" class="button" value="delete this node">
</form>
- <div class="clear"></div>
- </div>
+ </div>
<%
+ }
+ %>
+ <div class="clear"></div>
+
+ <%
}
} catch ( e ) {
// don't care
RE: svn commit: r1021901 -
/sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
Posted by Mike Müller <mi...@mysign.ch>.
session.checkPermission does not return anything, it throws a
java.security.AccessControlException if there's not permission
for the given action or a RepositoryException if something else
goes wrong. But you're right, that JCR does not throw the expected
AccessControlException on the root node. It seems to me also
rather a bug of jackrabbit...
best regards
mike
> Does this mean that session.checkPermission("/", "remove") can return
> true? If so, that seems like the real bug because you can't remove the
> root node.
>
> Justin
>
> On 10/12/10 3:53 PM, mykee@apache.org wrote:
> > Author: mykee
> > Date: Tue Oct 12 19:53:17 2010
> > New Revision: 1021901
> >
> > URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
> > Log:
> > SLING-1818 [explorer] Should not be prompted to delete the root node
> >
> > Modified:
> >
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp
> >
> > Modified:
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp
> > URL:
> http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/
> main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&
> r1=1021900&r2=1021901&view=diff
> >
> ==========================================================
> ====================
> > ---
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp (original)
> > +++
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/serv
> let/default/explorer/node.esp Tue Oct 12 19:53:17 2010
> > @@ -51,15 +51,21 @@
> > try {
> > if ( session ) {
> > session.checkPermission(path, "remove");
> > + if (path != '/')
> > + {
> > %>
> > <form class="deleteNote" action="<%= path %>" method="post">
> > <input name=":operation" type="hidden" value="delete">
> > <input name=":redirect" type="hidden"
> value="<%=request.getContextPath()%><%=
> Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource)
> %>.explorer.html">
> > <input type="submit" class="button" value="delete this node">
> > </form>
> > - <div class="clear"></div>
> > - </div>
> > + </div>
> > <%
> > + }
> > + %>
> > + <div class="clear"></div>
> > +
> > + <%
> > }
> > } catch ( e ) {
> > // don't care
> >
> >
Re: svn commit: r1021901 - /sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
Posted by Justin Edelson <ju...@gmail.com>.
Does this mean that session.checkPermission("/", "remove") can return
true? If so, that seems like the real bug because you can't remove the
root node.
Justin
On 10/12/10 3:53 PM, mykee@apache.org wrote:
> Author: mykee
> Date: Tue Oct 12 19:53:17 2010
> New Revision: 1021901
>
> URL: http://svn.apache.org/viewvc?rev=1021901&view=rev
> Log:
> SLING-1818 [explorer] Should not be prompted to delete the root node
>
> Modified:
> sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
>
> Modified: sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp
> URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp?rev=1021901&r1=1021900&r2=1021901&view=diff
> ==============================================================================
> --- sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp (original)
> +++ sling/trunk/bundles/extensions/explorer/src/main/resources/libs/sling/servlet/default/explorer/node.esp Tue Oct 12 19:53:17 2010
> @@ -51,15 +51,21 @@
> try {
> if ( session ) {
> session.checkPermission(path, "remove");
> + if (path != '/')
> + {
> %>
> <form class="deleteNote" action="<%= path %>" method="post">
> <input name=":operation" type="hidden" value="delete">
> <input name=":redirect" type="hidden" value="<%=request.getContextPath()%><%= Packages.org.apache.sling.api.resource.ResourceUtil.getParent(resource) %>.explorer.html">
> <input type="submit" class="button" value="delete this node">
> </form>
> - <div class="clear"></div>
> - </div>
> + </div>
> <%
> + }
> + %>
> + <div class="clear"></div>
> +
> + <%
> }
> } catch ( e ) {
> // don't care
>
>