[JCR-2951] Item.remove fails if a child-item is not visible to the editing session - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0, 2.1, 2.2
Fix Version/s: 2.2.8
Component/s: jackrabbit-core
Labels:
None

Description

the following test setup fails:

a given session is allowed to remove a node
the node has a policy child node which is not visible to the editing session (missing ac-read permission)
OR the node has another invisible child item which could - based on the permissions above - be removed by that session.

calling Node.remove however fails with accessdeniedexception because the internal remove
mechanism accesses all child items to mark them removed. however, the access is executed
using the regular itemmgr calls that are used to retrieve the items using the JCR API which
results in accessdenied exception as those child items are not visible to the session.
since the items can be removed i would argue that this is a bug in the internal remove process.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

JCR-2951.patch
27/Apr/11 16:05
11 kB
Angela Schreiber

Activity

People

Assignee:: Angela Schreiber

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 27/Apr/11 15:58

Updated:: 23/Sep/11 08:51

Resolved:: 28/Apr/11 08:40