Change from Session.ACTION_ADD_NODE to Session.ACTION_SET_PROPERTY permission in...

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / viewers / JcrVersionCmsEditable.java

diff --git a/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java b/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java
index bcd42851fb6a0eb1529eeff4111d03790d6ed7d0..06d90e5508ee92ec729b4bfd204b47e45c2e2d4b 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java
+++ b/org.argeo.cms/src/org/argeo/cms/viewers/JcrVersionCmsEditable.java
@@ -25,8 +25,15 @@ public class JcrVersionCmsEditable extends Observable implements CmsEditable {
 
        public JcrVersionCmsEditable(Node node) throws RepositoryException {
                this.nodePath = node.getPath();
+               // Changed by BS: better adapted to manage authorisation.
+               // This permission enables property modification and addition of
+               // children nodes and corresponds to a JCR_ALL privileges given on the
+               // current node path nodes, whereas ACTION_ADD_NODE seems to be
+               // necessary to add nodes on the parent node
                if (node.getSession().hasPermission(node.getPath(),
-                               Session.ACTION_ADD_NODE)) {
+                               Session.ACTION_SET_PROPERTY)) {
+                       // if (node.getSession().hasPermission(node.getPath(),
+                       // Session.ACTION_ADD_NODE)) {
                        canEdit = true;
                        if (!node.isNodeType(NodeType.MIX_VERSIONABLE)) {
                                node.addMixin(NodeType.MIX_VERSIONABLE);