mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
ALF-14398: Webdav: Unfriendly behavior when a user without permissions (Contributor/Consumer) tries to rename space/content
Removed badly formed response generation. The original code generated a partial XML response that would not have been valid unless it was included in a proper multistatus XML fragment. In addition to this, the XML was not being flushed from the buffer so was not being written to the response anyway. Also, the status code was not applicable (409 CONFLICT) but should have been 403 FORBIDDEN. In addition to these points the XML/status code combination would only have been valid in response to a PROPPATCH request, not a MOVE -- so I have replaced all the response generation with just allowing the AccessDeniedException to propagate, resulting in a 403 FORBIDDEN. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@40741 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Matt Ward
@@ -113,24 +113,7 @@ public class MoveMethod extends AbstractMoveOrCopyMethod
|
||||
if (sourceParentNodeRef.equals(destParentNodeRef))
|
||||
{
|
||||
// It is rename method
|
||||
try
|
||||
{
|
||||
fileFolderService.rename(sourceNodeRef, name);
|
||||
}
|
||||
catch (AccessDeniedException e)
|
||||
{
|
||||
XMLWriter xml = createXMLWriter();
|
||||
|
||||
Attributes nullAttr = getDAVHelper().getNullAttributes();
|
||||
|
||||
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_ERROR, WebDAV.XML_NS_ERROR, nullAttr);
|
||||
// Output error
|
||||
xml.write(DocumentHelper.createElement(WebDAV.XML_NS_CANNOT_MODIFY_PROTECTED_PROPERTY));
|
||||
|
||||
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_ERROR, WebDAV.XML_NS_ERROR);
|
||||
m_response.setStatus(HttpServletResponse.SC_CONFLICT);
|
||||
return;
|
||||
}
|
||||
fileFolderService.rename(sourceNodeRef, name);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user