Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-1338

Repository throws exception when node is returned from query, but access is denied

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Won't Fix
    • 2.26.16
    • 3.1.0
    • None

    Description

      The repository servlet throws an exception in case the query returns a node, which the user is not allowed to read.

      Steps to reproduce:

      1) Take the latest 7.9 archetype.
      2) Make sure you use Hippo CMS 7.9.8
      3) Set the repository property to the latest tag (2.26.16)
      4) Start the project
      5) Create a new root folder within document called "resourcebundles". A non-translated folder is fine.
      6) Go to the console and import the attached facetrule to:
      /hippo:configuration/hippo:domains/hippofolders/hippostd-folder/
      /hippo:configuration/hippo:domains/hippodocuments/hippo-document/

      Now log into the repository interface with the "editor" role.

      Now perform the following query:

      /jcr:root/content/documents//element(*,hippostd:folder)

      This will result in a stracktrace, because the resourcebundle folder can't be read.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              jreijn Jeroen Reijn (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: