> I've changed AbstractStore.grantPermission() to check whether a
> permission exists before creating it. I'm not sure whether that's the
> appropriate place for the check, though.
>
> (I can't currently connect to the jakarta cvs-pserver for some reason,
> so I'm including the actual code here instead of a diff, sorry.)
This shouldn't happen. The security helper already has that particular code,
and the XMLUnmarshaller which is loading the node is calling the right
method in the security helper (grantPermission(token, permission)).
The only permission which is using direct access for creation is permission
/,/,/ created in Namespace. We should check if it exists (but it shouldn't).
The CVS moved to cvs.apache.org. It's not on jakarta anymore.
Remy
