[exo-jcr-commits] exo-jcr SVN: r2378 - jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core.

[do-not-reply at jboss.org]

Author: tolusha
Date: 2010-05-13 09:09:36 -0400 (Thu, 13 May 2010)
New Revision: 2378

Modified:
   jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
Log:
EXOJCR-354: Invoke post read after permissions check

Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java	2010-05-13 09:30:43 UTC (rev 2377)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java	2010-05-13 13:09:36 UTC (rev 2378)
@@ -412,13 +412,12 @@
 
          if (apiRead)
          {
-            // TODO post read will be logically to call after the permissions check
-            session.getActionHandler().postRead(item);
             if (!item.hasPermission(PermissionType.READ))
             {
                throw new AccessDeniedException("Access denied " + itemData.getQPath().getAsString() + " for "
                   + session.getUserID());
             }
+            session.getActionHandler().postRead(item);
          }
 
          return item;
@@ -1141,7 +1140,7 @@
                   // We can't remove this VH now.
                   return;
                } // else -- if we has a references in workspace where the VH is being
-                 // deleted we can remove VH now.
+               // deleted we can remove VH now.
             }
          }
          finally