From: Bruno Sinou Date: Fri, 3 Apr 2015 09:57:29 +0000 (+0000) Subject: Change from Session.ACTION_ADD_NODE to Session.ACTION_SET_PROPERTY permission in... X-Git-Tag: argeo-commons-2.1.30~281 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=c96e271afb2614ebda4e312e4f27635f9f8e66df;p=lgpl%2Fargeo-commons.git Change from Session.ACTION_ADD_NODE to Session.ACTION_SET_PROPERTY permission in canEdit() method git-svn-id: https://svn.argeo.org/commons/trunk@8050 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java b/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java index bcd42851f..06d90e550 100644 --- a/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java +++ b/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java @@ -25,8 +25,15 @@ public class JcrVersionCmsEditable extends Observable implements CmsEditable { public JcrVersionCmsEditable(Node node) throws RepositoryException { this.nodePath = node.getPath(); + // Changed by BS: better adapted to manage authorisation. + // This permission enables property modification and addition of + // children nodes and corresponds to a JCR_ALL privileges given on the + // current node path nodes, whereas ACTION_ADD_NODE seems to be + // necessary to add nodes on the parent node if (node.getSession().hasPermission(node.getPath(), - Session.ACTION_ADD_NODE)) { + Session.ACTION_SET_PROPERTY)) { + // if (node.getSession().hasPermission(node.getPath(), + // Session.ACTION_ADD_NODE)) { canEdit = true; if (!node.isNodeType(NodeType.MIX_VERSIONABLE)) { node.addMixin(NodeType.MIX_VERSIONABLE);