Author: tolusha Date: 2010-05-13 09:09:36 -0400 (Thu, 13 May 2010) New Revision: 2378 Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java Log: EXOJCR-354: Invoke post read after permissions check Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java =================================================================== --- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java 2010-05-13 09:30:43 UTC (rev 2377) +++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java 2010-05-13 13:09:36 UTC (rev 2378) @@ -412,13 +412,12 @@ if (apiRead) { - // TODO post read will be logically to call after the permissions check - session.getActionHandler().postRead(item); if (!item.hasPermission(PermissionType.READ)) { throw new AccessDeniedException("Access denied " + itemData.getQPath().getAsString() + " for " + session.getUserID()); } + session.getActionHandler().postRead(item); } return item; @@ -1141,7 +1140,7 @@ // We can't remove this VH now. return; } // else -- if we has a references in workspace where the VH is being - // deleted we can remove VH now. + // deleted we can remove VH now. } } finally