Issue Details (XML | Word | Printable)

Key: JSR_283-470
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: jsr-283-issues
Reporter: dpitfiel
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.

Define standard privilege "REMOVE_NODE"

Created: 07/Apr/08 10:47 AM   Updated: 06/Jan/11 12:09 PM   Resolved: 22/Jul/08 08:00 PM
Component/s: access control
Affects Version/s: current
Fix Version/s: milestone 1

Time Tracking:
Not Specified


Operating System: All
Platform: All

Issue Links:

Issuezilla Id: 470
Participants: anchela, dpitfiel, fguillaume, jsr-283-issues and Peeter Piegaze

 Description  « Hide

Currently, permission to remove a node requires REMOVE_CHILD_NODES privilege on
the parent node. No specific privilege is required on the node actually being
removed. Some repositories natively model "remove" as a "delete" instead of a
"unlink" and restrict deletion based on the access control policy on the node
being deleted.

Proposal: Introduce an additional privilege, REMOVE_NODE. Removing a node
requires REMOVE_NODE on that node and REMOVE_CHILD_NODE on the parent node.

(A repository that uses the "unlink" model might have REMOVE_NODE in every
access control policy, so that removal is effectively controlled by
REMOVE_CHILD_NODE. Conversely a repository that uses the "delete" model might
have REMOVE_CHILD_NODE in every access control policy.)

dpitfiel added a comment - 07/Apr/08 12:27 PM

Name of the new privilege depends on outcome of issue #468.

fguillaume added a comment - 14/Apr/08 07:47 AM

+1, the ECMs I'm used to follow this model too, and it gives great flexibility.

anchela added a comment - 28/May/08 12:55 AM

decisions taken at the ac conference (19. mai 2008):

  • To be included in the list of new privileges compiled by Nicolas (see #468).
  • All of these proposed privileges will then be considered later.

anchela added a comment - 28/May/08 01:06 AM

corrigenda: 'list of new privileges' corresponds to issue #486.

-> add dependency.

Peeter Piegaze added a comment - 22/Jul/08 08:00 PM

Fixed. Privilege jcr:removeNode privilege added