You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2013/07/25 10:23:48 UTC
[jira] [Resolved] (OAK-711) PermissionValidator: Proper permission
handling for jcr:nodetypeManagement privilege
[ https://issues.apache.org/jira/browse/OAK-711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved OAK-711.
------------------------
Resolution: Fixed
resolving this issue fixed as the some initial workspace import
is now present such that the remaining test-cases now pass.
> PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege
> ------------------------------------------------------------------------------------
>
> Key: OAK-711
> URL: https://issues.apache.org/jira/browse/OAK-711
> Project: Jackrabbit Oak
> Issue Type: Sub-task
> Components: core
> Reporter: angela
> Assignee: angela
>
> The jcr specification defines jcr:nodeTypeManagement privilege for all
> JCR API calls that set jcr:primaryType and jcr:mixinType properties.
> however, on the oak level we lack the ability to distinguish between
> system internal and user supplied modification of those properties.
> possible solution:
> - introduce ability to distinguish between API call and system internal mod
> - only enforce permission in oak-jcr (backwards compatibility issue as it
> used to be checked upon save only)
> - violate spec and drop explicit check for jcr:nodeTypeManagement for those
> cases where it's ambiguous in order not to have existing code failing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira