Reference this thread: http://www.mail-archive.com/slide-user@jakarta.apache.org/msg08922.html Here's the situation: a collection has /actions/write granted to owner but no other principals. The owner of the collection tries to create a new file and is denied. What's happening is Slide is checking for /actions/bind on the parent collection (this passes) but then is checking for /actions/write on the new file (which hasn't been created yet, so it doesn't have an owner property). I see two solutions, but neither are ideal. 1) Store the file, set the owner, do the security check then remove the file if the security check failed. 2) Remove the /actions/write security check. I'm favoring the second option, since /actions/bind on the parent is all that should be required to create a new resource, but I'd really appreciate some additional input on this. -James
Note that you also need the right to /actions/read the new node. This is because when you Put something, slide check /actions/bind on the parent then /actions/write-object on the new node, and them try to retrieve the node to create a revision. But there is no owner property. This is a big probleme when you want a collection where users can create files but can not see the files of the other users.
*** Bug 35830 has been marked as a duplicate of this bug. ***