[ https://issues.apache.org/jira/browse/JCR-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jukka Zitting updated JCR-1743: ------------------------------- Component/s: security jackrabbit-core Issue Type: Improvement (was: Bug) This is more an improvement than a bug fix, as the previous behaviour was clearly intentional. > Session.checkPermission: add_node and set_property evaluation are not handled > differently > ----------------------------------------------------------------------------------------- > > Key: JCR-1743 > URL: https://issues.apache.org/jira/browse/JCR-1743 > Project: Jackrabbit > Issue Type: Improvement > Components: jackrabbit-core, security > Affects Versions: core 1.4.5 > Reporter: Tobias Bocanegra > Assignee: Jukka Zitting > Fix For: core 1.4.6 > > Attachments: JCR-1743.patch > > > if the property does not exist yet, Session.checkPermission invokes an > AccessManager.checkPermission(... WRITE) for both cases. i.e. the access > manager has no means for handle a "add_node" differently from a > "set_property" > suggest to create a fake property id for the case where the property does not > exist. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.