You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Jukka Zitting (Updated) (JIRA)" <ji...@apache.org> on 2011/11/16 13:56:52 UTC

[jira] [Updated] (JCR-2863) Session#importXML can't handle properly uuid collision if user has insufficient permission

     [ https://issues.apache.org/jira/browse/JCR-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting updated JCR-2863:
-------------------------------

    Fix Version/s: 2.2.10

Merged to the 2.2 branch in revision 1202684.
                
> Session#importXML can't handle properly uuid collision if user has insufficient permission
> ------------------------------------------------------------------------------------------
>
>                 Key: JCR-2863
>                 URL: https://issues.apache.org/jira/browse/JCR-2863
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, xml
>    Affects Versions: 1.6.1, 2.2.1
>            Reporter: Antoine Brochard
>             Fix For: 2.2.10, 2.3
>
>         Attachments: exception.txt
>
>
> When importing referenceable nodes, if there are nodes with the same uuid in the workspace but the session has no sufficient permission to read them then the import will fail no matter what ImportUUIDBehavior is chosen. 
> But the same xml will be imported successfully in another repository or if the user have read access.
> SessionImpl.java :
>  public NodeImpl getNodeById(NodeId id) ...{
> ...
>  try {
>             return (NodeImpl) getItemManager().getItem(id);
>         } catch (AccessDeniedException ade) {
>             throw new ItemNotFoundException(id.toString());
>         }
> }
> SessionImporter.java :
>  public void startNode(NodeInfo nodeInfo, List propInfos)...{
> ...
>   if (node == null) {
>             // create node
>             if (id == null) {
>             ...
>             } else {
>                 // potential uuid conflict
>                 NodeImpl conflicting;
>                 try {
>                     conflicting = session.getNodeById(id);
>                 } catch (ItemNotFoundException infe) {
>                     conflicting = null;
>                 }
>                 if (conflicting != null) {
>                     // resolve uuid conflict
>                  ...
>                }
> ...
> }
> In the JCR 1.0 spec says "lack of read access to an item blocks access to both information about the content of that item and information about the existence of the item" but this should probably not be true, internally, when doing an import. 
> Otherwise it means that read access to an entire workspace must be granted to a user so that it could successfully use the IMPORT_UUID_CREATE_NEW behaviour.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira