You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2005/08/16 15:44:54 UTC
[jira] Resolved: (JCR-186) simple webdav server allows PROPPATCH of protected properties
[ http://issues.apache.org/jira/browse/JCR-186?page=all ]
angela resolved JCR-186:
------------------------
Resolution: Invalid
hi brian
i had a closer look at it and decided, that within the simple davresource implementation there is no need for extra checks for protected properties.
i modified the code and mark protected jcr-properties as protected
dav properties as well (that was in fact missing).
since the simple resource only has protected jcr-properties, setting protected properties is not possible with the simple resource anyway. if you add additional (non-jcr) properties to your caldav-resource, you will probably have to modify the read/write methods for properties and i'd rather suggest, that you add the check for 'protection' to your extension.
regarding the detailed response in case of failure: i will take care of this, as soon as i implement the multistatus response for PROPPATCH (after my vacation :-).
kind regards
angela
> simple webdav server allows PROPPATCH of protected properties
> -------------------------------------------------------------
>
> Key: JCR-186
> URL: http://issues.apache.org/jira/browse/JCR-186
> Project: Jackrabbit
> Type: Bug
> Reporter: Brian Moseley
> Assignee: angela
>
> DavResourceImpl.alterProperties, setProperty and removeProperty should check if a dav property is protected before setting or removing it. attempting to change a protected property should result (i believe) in a 409 Conflict response for that particular property.
> solving this will likely require getting the DavProperty instance corresponding to each property included in the request. DavResourceImpl will need a way to obtain instances defined by jcr-server extensions (eg the CALDAV:calendar-description property).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira