[REPO-1338] Repository throws exception when node is returned from query, but access is denied - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Won't Fix
Affects Version/s: 2.26.16
Fix Version/s: 3.1.0
Component/s: None
Labels:
- planned
- platform

Description

The repository servlet throws an exception in case the query returns a node, which the user is not allowed to read.

Steps to reproduce:

1) Take the latest 7.9 archetype.
2) Make sure you use Hippo CMS 7.9.8
3) Set the repository property to the latest tag (2.26.16)
4) Start the project
5) Create a new root folder within document called "resourcebundles". A non-translated folder is fine.
6) Go to the console and import the attached facetrule to:
/hippo:configuration/hippo:domains/hippofolders/hippostd-folder/
/hippo:configuration/hippo:domains/hippodocuments/hippo-document/

Now log into the repository interface with the "editor" role.

Now perform the following query:

/jcr:root/content/documents//element(*,hippostd:folder)

This will result in a stracktrace, because the resourcebundle folder can't be read.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

exclude-resourcebundlefolder.xml
15/Sep/15 1:57 PM
0.8 kB
Jeroen Reijn
myhippoproject.tar.gz
15/Sep/15 2:00 PM
82 kB
Jeroen Reijn
stack-REPO-1338.txt
23/Sep/15 10:40 AM
17 kB
Jeroen Reijn

Issue Links

relates to

REPO-1337 Authorization query does not exclude all descendant nodes of node with id 'xyz' when there is a facet rule that says 'jcr:uuid != xyz'

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Jeroen Reijn (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Sep/15 1:57 PM

Updated:: 20/Oct/15 1:44 PM

Resolved:: 23/Sep/15 11:45 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

related-pages-webpanel