I have a issue that I can not find answer for here or in Jackrabbit documentation, hope that any of you can help with it.
I am doing the following:
- admin create "someuser"
admin create the above node: /templates/templateall[ jcr:uuid: a9b629a4-d1dd-4ba3-a602-629e4ca1a7fd jcr:mixinTypes: mix:referenceable, rep:AccessControllable, label: templateall jcr:primaryType: nt:unstructured /templates/templateall/rep:policy[ jcr:primaryType: rep:ACL /templates/templateall/rep:policy/allow[ rep:privileges: jcr:all, rep:principalName: someuser jcr:primaryType: rep:GrantACE
someuser try to delete /templates/templateall node with the following exception on save()
javax.jcr.AccessDeniedException: /templates/templateall: not allowed to remove item at org.apache.jackrabbit.core.ItemSaveOperation.validateTransientItems(ItemSaveOperation.java:704) at org.apache.jackrabbit.core.ItemSaveOperation.perform(ItemSaveOperation.java:216) at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216) at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91) at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:329) at org.apache.jackrabbit.core.session.SessionSaveOperation.perform(SessionSaveOperation.java:64) at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216) at org.apache.jackrabbit.core.SessionImpl.perform(SessionImpl.java:361) at org.apache.jackrabbit.core.SessionImpl.save(SessionImpl.java:812)
- After, I try to delete /templates/templateall with admin user and the delete is completed successfully.
- Then I try to do the same but I give user "someuser" jcr:all access to node /templates instead of /templates/templateall, then "someuser" is able to delete the /templates/templateall successfully
So my conclusion with the first structure example is: "someuser" can remove any child of node /templates/templateall but not the node itself, is necesary to provide jcr:removeChildNodes acess no /templates to be able to do that.
Is my conclusion correct?
Thanks!!
