[ 
https://issues.apache.org/jira/browse/CONNECTORS-1232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14713042#comment-14713042
 ] 

Muhammed Olgun commented on CONNECTORS-1232:
--------------------------------------------

OK, I did some research. This patch works for my CMIS implementation, but 
other CMIS implementations may not be compatible with this patch, because we 
cannot see deny ACLs for all CMIS implementations.

For example,

Let's assume that we have a document which has an ACL with an allow group 
principal and a deny user principal.
This user belongs to this group but should not see the document because he is 
denied.
Even if we get user access tokens with the cmis:item type, we cannot check via 
CMIS that this user is denied for this document.

This leads to a lack of security. I will try to find another solution.


> Add security support on CMIS Repository Connector
> -------------------------------------------------
>
>                 Key: CONNECTORS-1232
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1232
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: CMIS connector
>            Reporter: Muhammed Olgun
>            Assignee: Muhammed Olgun
>            Priority: Minor
>             Fix For: ManifoldCF 2.3
>
>         Attachments: CONNECTORS-1232.patch
>
>
> I realized that the CMIS repository connector doesn't add ACLs to 
> RepositoryDocument. 
> This patch gets allow and deny permissions from the specification page 
> (permissions must be comma separated). If the CMIS repository supports ACLs, 
> then it includes principals in RepositoryDocument.
> I'll attach a patch. I ran my tests but a review would be great.
> Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
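
The scenario from the comment above, modelled as an added example (not code from the attached patch or from ManifoldCF): the same deny-overrides check is run once with the deny entry the repository knows about and once with the empty deny list a connector ends up with when the CMIS implementation does not expose deny ACEs. The class name, token strings and user names are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class DenyAclGap {

    // Deny-overrides evaluation: the user needs at least one matching allow
    // token and must not match any deny token.
    static boolean canSee(Set<String> userTokens, Set<String> allow, Set<String> deny) {
        boolean allowed = allow.stream().anyMatch(userTokens::contains);
        boolean denied = deny.stream().anyMatch(userTokens::contains);
        return allowed && !denied;
    }

    public static void main(String[] args) {
        // Constructed sample ACL for one document: allow a group, deny one member.
        Set<String> allowAces = Set.of("group:engineering");
        Set<String> denyAces = Set.of("user:alice");

        // Assumption: the CMIS implementation returns no deny ACEs, so the
        // connector indexes the document with an empty deny token list.
        Set<String> denyVisibleViaCmis = Set.of();

        // Constructed users with their access tokens (own id plus group).
        Map<String, Set<String>> users = new LinkedHashMap<>();
        users.put("alice", Set.of("user:alice", "group:engineering"));
        users.put("bob", Set.of("user:bob", "group:engineering"));

        for (Map.Entry<String, Set<String>> u : users.entrySet()) {
            boolean repository = canSee(u.getValue(), allowAces, denyAces);
            boolean index = canSee(u.getValue(), allowAces, denyVisibleViaCmis);
            // The index must never be more permissive than the repository.
            String verdict = (index && !repository) ? "OVER-EXPOSED" : "consistent";
            System.out.printf("%-6s repository=%-5b index=%-5b %s%n",
                    u.getKey(), repository, index, verdict);
        }
    }
}
```

The denied user is flagged because the index-side decision grants access that the repository would refuse, which is the gap the comment describes.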
