  1. ModeShape
  2. MODE-2354

JcrTools authorization issue while creating child nodes

Details

    • Bug
    • Resolution: Done
    • Major
    • 4.1.0.Final
    • 4.0.0.Final
    • None
    • None

    Description

      We discovered an authorization issue in fcrepo4 that is stemming from ModeShape's jcr.api.JcrTools.
      https://github.com/ModeShape/modeshape/blob/master/modeshape-jcr-api/src/main/java/org/modeshape/jcr/api/JcrTools.java#L415

      This happens when a user tries to create a node under a node he has permissions for, but lacks the permission to its ancestral parent.

      For example, when a user has permission for /parent/child/grandchild, but not to /parent, the request to create /parent/child/grandchild/progeny is denied.

      https://developer.jboss.org/thread/249962
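
The failure mode in the report, as an added example that is not ModeShape or fcrepo4 code: a toy node tree with per-subtree grants, comparing a find-or-create helper that descends from the root with one that looks up the deepest existing node by absolute path. That the helper walks down from the root is an assumption, the second function is one possible remediation rather than the project's actual fix, and `Repo`, `walk_from_root` and `resolve_deepest` are hypothetical names.

```python
# Added toy model, not ModeShape code; all names here are hypothetical.
class Repo:
    def __init__(self, paths, grants):
        self.nodes = set(paths)
        self.grants = grants  # user -> subtree roots the user may access
    def allowed(self, user, path):
        return any(path == g or path.startswith(g.rstrip("/") + "/")
                   for g in self.grants.get(user, []))

    def exists(self, user, path):
        """Absolute lookup: authorizes the target path only, not its ancestors."""
        if not self.allowed(user, path):
            raise PermissionError(path)
        return path in self.nodes

    def add(self, user, path):
        if not self.allowed(user, path):
            raise PermissionError(path)
        self.nodes.add(path)

def prefixes(path):
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def walk_from_root(repo, user, path):
    """Assumed helper behaviour: descend from the root one segment at a time."""
    for p in prefixes(path):
        if not repo.exists(user, p):  # raises at the first ancestor outside the grant
            repo.add(user, p)
    return path

def resolve_deepest(repo, user, path):
    """Look up the deepest existing node directly, then create only what is missing."""
    chain = prefixes(path)
    start = len(chain)
    while start > 0 and not repo.exists(user, chain[start - 1]):
        start -= 1
    for p in chain[start:]:
        repo.add(user, p)
    return path

if __name__ == "__main__":
    # Constructed sample data using the paths from the report.
    repo = Repo(["/parent", "/parent/child", "/parent/child/grandchild"],
                {"user": ["/parent/child/grandchild"]})
    target = "/parent/child/grandchild/progeny"
    try:
        walk_from_root(repo, "user", target)
    except PermissionError as e:
        print("root walk denied at", e)
    print("created", resolve_deepest(repo, "user", target))
```

Paths outside the grant are still refused by `resolve_deepest`, because every lookup and every `add` is authorized against the path it touches.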

          People

            Unassigned Unassigned
            mohideen_jira Mohamed Abdul Rasheed (Inactive)