[JCR-3230] hasCapability() does not respect permissions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.4
Fix Version/s: None
Component/s: jackrabbit-core
Labels:

Description

Session.hasCapability() is lacking a sound check for access control permissions, thus it can return true even if the respective call to hasPermission will return false.
This violates the specification:

[hasCapability] checks whether an operation can be performed given as much context as can be determined by the repository, including:

Permissions granted to the current user, including access control privileges.
[...]

(from: http://www.day.com/specs/jcr/2.0/9_Permissions_and_Capabilities.html)

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Lars Krapf

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Feb/12 12:09

Updated:: 07/Feb/12 12:09