You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Stefan Guggisberg (JIRA)" <ji...@apache.org> on 2009/12/04 18:30:20 UTC
[jira] Resolved: (JCR-2425) Session.save() and
Session.refresh(boolean) rely on accessibility of the root node
[ https://issues.apache.org/jira/browse/JCR-2425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guggisberg resolved JCR-2425.
------------------------------------
Resolution: Fixed
Assignee: Stefan Guggisberg
fixed in svn r887279
> Session.save() and Session.refresh(boolean) rely on accessibility of the root node
> ----------------------------------------------------------------------------------
>
> Key: JCR-2425
> URL: https://issues.apache.org/jira/browse/JCR-2425
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Reporter: angela
> Assignee: Stefan Guggisberg
>
> follow-up issue to JCR-2418:
> an editing session that is only allowed to write in a subtree but isn't allowed to access the root node will not be
> able to save or revert changes made in the transient space within that subtree.
> the reason for this is, that both SessionImpl.save() and SessionImpl.refresh(boolean) access the root node
> in order to execute the call. since it's the regular call READ permissions are checked, although the user
> made no attempt to *look* at the root.
> A workaround would be to call Item.save() on the modified tree itself that obviously was visible for the
> user... unfortunately that method is deprecated as of JCR 2.0. Therefore, I have the impression that we
> should fix the methods mentioned above.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.