Jukka Zitting wrote:
And Item.getPath(). In fact, I'd argue that if getPath() is allowed to
return the path of an item, then there is no good reason to prevent
getParent() since the getPath() call already discloses more
information about the parent node than what getParent() without any
other method calls (which would of course be access controlled) does.

according to the spec Item.getPath() is different in this respect. that is, you can get the path of an item even though an ancestor of an item is not 'visible' to you. I put visible in quotes because at least the name of the ancestor where a session does not have read right is disclosed. whenever an item is not accessible through a method, that call throws an AccessDeniedException throughout the api:

http://www.day.com/maven/jsr170/javadocs/jcr-1.0/javax/jcr/class-use/AccessDeniedException.html

hence, I assume that Item.getPath() should not throw an AccessDeniedException, but of course there might be implementations that still do.

well, I guess this is just a detail...

regards
 marcel
