You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2009/10/23 17:51:38 UTC
[jira] Created: (JCR-2363) Node.orderBefore does not check
permissions
Node.orderBefore does not check permissions
-------------------------------------------
Key: JCR-2363
URL: https://issues.apache.org/jira/browse/JCR-2363
Project: Jackrabbit Content Repository
Issue Type: Bug
Components: jackrabbit-core, security
Reporter: angela
Assignee: angela
Fix For: 2.0.0
It seems that Node.orderBefore(String, String) does not check if the editing session is allowed to modify the parent, neither immediately nor upon saving the transient changes.
This issue was found by Alexandre Capt. Thanks!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JCR-2363) Node.orderBefore does not check
permissions
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated JCR-2363:
------------------------
Attachment: JCR-2363.patch
> Node.orderBefore does not check permissions
> -------------------------------------------
>
> Key: JCR-2363
> URL: https://issues.apache.org/jira/browse/JCR-2363
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Fix For: 2.0.0
>
> Attachments: JCR-2363.patch
>
>
> It seems that Node.orderBefore(String, String) does not check if the editing session is allowed to modify the parent, neither immediately nor upon saving the transient changes.
> This issue was found by Alexandre Capt. Thanks!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2363) Node.orderBefore does not check
permissions
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12769270#action_12769270 ]
angela commented on JCR-2363:
-----------------------------
proposed fix: treat the reorder similar to a move and check if the child node to be reordered can be removed and added.
> Node.orderBefore does not check permissions
> -------------------------------------------
>
> Key: JCR-2363
> URL: https://issues.apache.org/jira/browse/JCR-2363
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Fix For: 2.0.0
>
> Attachments: JCR-2363.patch
>
>
> It seems that Node.orderBefore(String, String) does not check if the editing session is allowed to modify the parent, neither immediately nor upon saving the transient changes.
> This issue was found by Alexandre Capt. Thanks!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JCR-2363) Node.orderBefore does not check
permissions
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2363.
-------------------------
Resolution: Fixed
> Node.orderBefore does not check permissions
> -------------------------------------------
>
> Key: JCR-2363
> URL: https://issues.apache.org/jira/browse/JCR-2363
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Fix For: 2.0.0
>
> Attachments: JCR-2363.patch
>
>
> It seems that Node.orderBefore(String, String) does not check if the editing session is allowed to modify the parent, neither immediately nor upon saving the transient changes.
> This issue was found by Alexandre Capt. Thanks!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.