[exo-jcr-commits] exo-jcr SVN: r2378 - jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core.
do-not-reply at jboss.org
do-not-reply at jboss.org
Thu May 13 09:09:36 EDT 2010
Author: tolusha
Date: 2010-05-13 09:09:36 -0400 (Thu, 13 May 2010)
New Revision: 2378
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
Log:
EXOJCR-354: Invoke post read after permissions check
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java 2010-05-13 09:30:43 UTC (rev 2377)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java 2010-05-13 13:09:36 UTC (rev 2378)
@@ -412,13 +412,12 @@
if (apiRead)
{
- // TODO post read will be logically to call after the permissions check
- session.getActionHandler().postRead(item);
if (!item.hasPermission(PermissionType.READ))
{
throw new AccessDeniedException("Access denied " + itemData.getQPath().getAsString() + " for "
+ session.getUserID());
}
+ session.getActionHandler().postRead(item);
}
return item;
@@ -1141,7 +1140,7 @@
// We can't remove this VH now.
return;
} // else -- if we has a references in workspace where the VH is being
- // deleted we can remove VH now.
+ // deleted we can remove VH now.
}
}
finally
More information about the exo-jcr-commits
mailing list