Uploaded image for project: 'Jackrabbit Content Repository'
  1. Jackrabbit Content Repository
  2. JCR-3364

Moving of nodes requires read access to all parent nodes of the destination node

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.2.12, 2.4.2, 2.5
    • 2.6.5, 2.7.2, 2.4.6
    • jackrabbit-core
    • None

    Description

      Before JCR-3291 was fixed, Session#move(String, String) could move nodes without having read-access to the whole tree.

      • Deny jcr:read on /home and grant jcr:all on /home/users/usera to usera
      • Move nodes from /home/users/usera/from to /home/users/usera/to with usera's session
      • AccessDeniedException is thrown

      http://article.gmane.org/gmane.comp.apache.jackrabbit.user/18892

      Attachments

        Issue Links

          is broken by

          Bug - A problem which impairs or prevents the functions of the product. JCR-3390 Reordering policy node fails with AccessDeniedException

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JCR-3619 After a move operation all ancestors of the destination path are modified

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jukkaz Jukka Zitting
              primedo Thomas März
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: