[
https://issues.apache.org/jira/browse/JCR-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jukka Zitting updated JCR-1743:
-------------------------------
Component/s: security
jackrabbit-core
Issue Type: Improvement (was: Bug)
This is more an improvement than a bug fix, as the previous behaviour was
clearly intentional.
> Session.checkPermission: add_node and set_property evaluation are not handled
> differently
> -----------------------------------------------------------------------------------------
>
> Key: JCR-1743
> URL: https://issues.apache.org/jira/browse/JCR-1743
> Project: Jackrabbit
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Affects Versions: core 1.4.5
> Reporter: Tobias Bocanegra
> Assignee: Jukka Zitting
> Fix For: core 1.4.6
>
> Attachments: JCR-1743.patch
>
>
> if the property does not exist yet, Session.checkPermission invokes an
> AccessManager.checkPermission(... WRITE) for both cases. i.e. the access
> manager has no means for handle a "add_node" differently from a
> "set_property"
> suggest to create a fake property id for the case where the property does not
> exist.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
