Session.move() fails for limited privilege users when absolute path have no common prefix

[Bruno Sinou <bs...@argeo.org>]

Hello,

We have 3 parents nodes:
  /source/a
  /target/b
  /target/c

The user has JCR_ALL rights on:
 /source
 /target/b
 /target/c

and JCR_READ rights on:  /target  but *no right at all* on the root node.

when user makes session.move("/target/c/node","/target/b/node") everything
is fine.
but when user makes  session.move("/source/node","/target/b/node")

we get a javax.jcr.AccessDeniedException: cannot read item
cafebabe-cafe-babe-cafe-babecafebabe exception.


I'm using jackrabbit 2.10.1.

Do I miss something here? Is it an expected behaviour?

This looks similar to https://issues.apache.org/jira/browse/JCR-3364 but
with the difference that here full abs path are distinct


Thanks for your help or ideas


Bruno

Re: Session.move() fails for limited privilege users when absolute path have no common prefix

[Angela Schreiber <an...@adobe.com>]

Hi Bruno

That looks like a bug to me as read access on some distant
parent should not be needed for the move.

May I suggest that you create a JIRA issue and attach a
simple test-case illustrating the problem?

Thanks and kind regards
Angela

On 09/04/16 08:32, "Bruno Sinou" <bs...@argeo.org> wrote:

>Hello,
>
>We have 3 parents nodes:
>  /source/a
>  /target/b
>  /target/c
>
>The user has JCR_ALL rights on:
> /source
> /target/b
> /target/c
>
>and JCR_READ rights on:  /target  but *no right at all* on the root node.
>
>when user makes session.move("/target/c/node","/target/b/node") everything
>is fine.
>but when user makes  session.move("/source/node","/target/b/node")
>
>we get a javax.jcr.AccessDeniedException: cannot read item
>cafebabe-cafe-babe-cafe-babecafebabe exception.
>
>
>I'm using jackrabbit 2.10.1.
>
>Do I miss something here? Is it an expected behaviour?
>
>This looks similar to https://issues.apache.org/jira/browse/JCR-3364 but
>with the difference that here full abs path are distinct
>
>
>Thanks for your help or ideas
>
>
>Bruno