Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-527 Implement Permission evaluation
  3. OAK-711

PermissionValidator: Proper permission handling for jcr:nodetypeManagement privilege

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.9
    • core
    • None

    Description

      The jcr specification defines jcr:nodeTypeManagement privilege for all
      JCR API calls that set jcr:primaryType and jcr:mixinType properties.
      however, on the oak level we lack the ability to distinguish between
      system internal and user supplied modification of those properties.

      possible solution:

      • introduce ability to distinguish between API call and system internal mod
      • only enforce permission in oak-jcr (backwards compatibility issue as it
        used to be checked upon save only)
      • violate spec and drop explicit check for jcr:nodeTypeManagement for those
        cases where it's ambiguous in order not to have existing code failing.

      Attachments

        Issue Links

          is blocked by

          Sub-task - The sub-task of the issue OAK-767 Implement Node#removeMixin

          • Major - Major loss of function.
          • Closed

          Sub-task - The sub-task of the issue OAK-773 Workspace Import

          • Major - Major loss of function.
          • Closed

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: