You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Julian Reschke (JIRA)" <ji...@apache.org> on 2017/07/27 07:07:00 UTC

[jira] [Commented] (OAK-4693) Impersonating users can't unlock nodes

    [ https://issues.apache.org/jira/browse/OAK-4693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16102820#comment-16102820 ] 

Julian Reschke commented on OAK-4693:
-------------------------------------

bq. An impersonating user can lock a node, but can't unlock a node.

Well, that's because any user can lock a node in theory.

bq.  but can't unlock a node.

Actually he could, if he used the lock token (assuming this is about open-scoped locks).

The "unlock-with-lock-token" for admin users is meant for recovery of abandoned locks, not for regular use.

> Impersonating users can't unlock nodes
> --------------------------------------
>
>                 Key: OAK-4693
>                 URL: https://issues.apache.org/jira/browse/OAK-4693
>             Project: Jackrabbit Oak
>          Issue Type: Wish
>          Components: jcr
>    Affects Versions: 1.5.8
>            Reporter: Zygmunt Wiercioch
>
> An impersonating user can lock a node, but can't unlock a node.  Relaxed locking was introduced in: https://issues.apache.org/jira/browse/OAK-1329,
> but SessionImpl.impersonate() can't pass the attributes to the RepositoryImpl.login() method. 
> {code}
> return getRepository().login(impCreds, sd.getWorkspaceName());
> {code}
>  An attempt to unlock a node when impersonating will result in a failure since "oak.relaxed-locking" is not set.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)