|
|
|
Use cases:
In nuxeo and customer projects we often want to make some folders accessible to a wide group of users without wanting them to access every sub folders by default. For instance we might want to give the READ permissions to all users on the root of workspaces so that the users access the list of the Workspaces on which they have READ access but we do not want them to all have access to all workspaces because the <GRANT READ - to users - on RootofWorkspaces> is inherited to all the workspaces inside.
The current solution would be to block inherited premissions on all workspaces manually, but this is far too tedious. The natural solution would be to be able do define a new "protected boolean inherited" field on the ACL class set to true by default and settable to false though the API. A UI refactoring of the user rights management screen is also required (or maybe we could leave the user defined ACL to be inherited by default and only allow to change that field programmatically for specific use cases).
Another use case is to make DomainActionsBean.getDomains to be able to list every domains she has add READ access to without making the user having access to READ_CHILDREN on the root of the repository (required for CoreSession.getChildren) AND all the domains (not wanted by default).
|
|
|
|
![]() |
|
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
