[jira] [Commented] (SLING-3203) Post servlet's delete operation deletes parent of nonexisting node

Wed, 22 Jan 2014 01:15:00 -0800 

    [ 
https://issues.apache.org/jira/browse/SLING-3203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13878438#comment-13878438
 ] 

Bertrand Delacretaz commented on SLING-3203:
--------------------------------------------

I agree that something "worse" than 404 is good to express the problem clearly.

I wouldn't use 409 as http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html 
says "this code is only allowed in situations where it is expected that the 
user might be able to resolve the conflict and resubmit the request" but here 
resubmitting will fail every time.

My (current ;-) favorite is 403, "the server understood the request, but is 
refusing to fulfill it - authorization will not help and the request SHOULD NOT 
be repeated". I'll implement it like that then.

bq. I wonder, whether we should not forbid selectors and extensions completely 
on the SlingPostServlet

I'm not in favor of that but let's discuss on the dev list if needed, that's a 
distinct topic.

> Post servlet's delete operation deletes parent of nonexisting node
> ------------------------------------------------------------------
>
>                 Key: SLING-3203
>                 URL: https://issues.apache.org/jira/browse/SLING-3203
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>    Affects Versions: Servlets Post 2.3.2
>            Reporter: Bertrand Delacretaz
>         Attachments: SLING-3203.patch
>
>
> In the below scenario, /tmp/test is gone after the delete operation - the 
> resource resolver goes up the path of the nonexisting node, and it's 
> /tmp/test that's provided to the DeleteOperation.
> I think we should change this (maybe with a backwards compatibility switch), 
> as it's clear that the user's intention in this case is not to delete 
> /tmp/test. Maybe just reject :delete operations if the request has any 
> selector or extensions.
> curl -u admin:admin -X POST http://localhost:8080/tmp/test/some.node
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # looks good
> curl -u admin:admin -F:operation=delete 
> http://localhost:8080/tmp/test.other/nothing
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # 404



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to