[jira] [Updated] (OAK-711) PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege

["angela (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/OAK-711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated OAK-711:
-----------------------

    Summary: PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege  (was: Proper permission handling for jcr:nodetypeManagement privilege)
    
> PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege
> ------------------------------------------------------------------------------------
>
>                 Key: OAK-711
>                 URL: https://issues.apache.org/jira/browse/OAK-711
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: core
>            Reporter: angela
>
> The jcr specification defines jcr:nodeTypeManagement privilege for all
> JCR API calls that set jcr:primaryType and jcr:mixinType properties.
> however, on the oak level we lack the ability to distinguish between
> system internal and user supplied modification of those properties.
> possible solution:
> - introduce ability to distinguish between API call and system internal mod
> - only enforce permission in oak-jcr (backwards compatibility issue as it
>   used to be checked upon save only)
> - violate spec and drop explicit check for jcr:nodeTypeManagement for those
>   cases where it's ambiguous in order not to have existing code failing.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira