[JCR-2418] Read permission on parent node required to access an item's definition - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0-beta4
Component/s: jackrabbit-core
Labels:
None

Description

If a session is granted all permissions on a given item B but lacks permission to read it's parent node A an attempt to
access the definition of B by means of Node.getDefinition or Property.getDefinition will fail with AccessDeniedException.

Similarly, the same session will not be able to modify that item B - e.g. add a child node in case it was a node - since implementation e.g. checks of that
item B isn't protected, which is determined by looking at the definition.

My feeling is, that the item definition should be accessible even if the parent node cannot be read.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

JCR-2418.patch
02/Dec/09 10:03
7 kB
Angela Schreiber

Activity

People

Assignee:: Angela Schreiber

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Dec/09 09:52

Updated:: 11/Jan/10 14:16

Resolved:: 02/Dec/09 11:46