[JIRA] Updated: (NXP-1293) add the possibility to create non-herited ACLs

Sun, 20 Jul 2008 09:47:51 -0700 

     [ 
http://jira.nuxeo.org/browse/NXP-1293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stéfane Fermigier updated NXP-1293:
-----------------------------------

    Fix Version/s:     (was: 5.2 M2)
                   5.2 M3

> add the possibility to create non-herited ACLs
> ----------------------------------------------
>
>                 Key: NXP-1293
>                 URL: http://jira.nuxeo.org/browse/NXP-1293
>             Project: Nuxeo Enterprise Platform
>          Issue Type: Improvement
>          Components: Core, Security
>            Reporter: Olivier Grisel
>            Assignee: Bogdan Stefanescu
>             Fix For: 5.2 M3
>
>   Original Estimate: 2 days
>  Remaining Estimate: 2 days
>
> Use cases:
> In nuxeo and customer projects we often want to make some folders accessible 
> to a wide group of users without wanting them to access every sub folders by 
> default. For instance we might want to give the READ permissions to all users 
> on the root of workspaces so that the users access the list of the Workspaces 
> on which they have READ access but we do not want them to all have access to 
> all workspaces because the <GRANT READ - to users - on RootofWorkspaces> is 
> inherited to all the workspaces inside.
> The current solution would be to block inherited premissions on all 
> workspaces manually, but this is far too tedious. The natural solution would 
> be to be able do define a new "protected boolean inherited" field on the ACL 
> class set to true by default and settable to false though the API. A UI 
> refactoring of the user rights management screen is also required (or maybe 
> we could leave the user defined ACL to be inherited by default and only allow 
> to change that field programmatically for specific use cases).
> Another use case is to make DomainActionsBean.getDomains to be able to list 
> every domains she has add READ access to without making the user having 
> access to READ_CHILDREN on the root of the repository (required for 
> CoreSession.getChildren) AND all the domains (not wanted by default).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

Reply via email to