[
https://jira.nuxeo.com/browse/NXP-8011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=106916#comment-106916
]
Anahide Tchertchian edited comment on NXP-8011 at 11/30/11 10:06 PM:
---------------------------------------------------------------------
This method is used to select documents with permissions set on it: the
'allGroups' field should hold the user id, and all the groups (virtual or not)
that will be used to perform a security check so that:
imagine there is a group "nuxeo" with sub group "developers" with sub groups
"starship", let's say current user is explicitely a member of the "developers"
group.
- document A has read permission for the "nuxeo" group => current user should
be able to see it
- document B has read permission for the "developers" group => current user
should be able to see it
- document C has read permission for the "starship" group => current user
should be *not* able to see it
when retrieving the parent groups, the documents selection when querying the
repository will be done on "nuxeo" and "developers" for the user => only
document A and B will be retrieved (OK)
when retrieving the member groups, the documents selection when querying the
repository will be done on "developers" and "starship" for the user => document
A will not be retrieved (KO), B will be (OK), C will be retrieved (KO)
so i rollbacked your commit, can you describe what's your issue with it?
was (Author: atchertchian):
rollbacking your commit, this is not right, what's exactly your issue?
> Computing all groups in NuxeoPrincipal is adding all the parent groups
> instead of the sub groups
> ------------------------------------------------------------------------------------------------
>
> Key: NXP-8011
> URL: https://jira.nuxeo.com/browse/NXP-8011
> Project: Nuxeo Enterprise Platform
> Issue Type: Bug
> Components: Security / Rights
> Affects Versions: 5.4.2
> Reporter: Sun Tan
> Assignee: Sun Tan
> Fix For: 5.5
>
>
> nuxeo-services/nuxeo-platform-usermanager-api/src/main/java/org/nuxeo/ecm/platform/usermanager/NuxeoPrincipalImpl.java
> line 344
> {code}
> groupsToProcess.addAll(nxGroup.getParentGroups());
> {code}
> instead of
> {code}
> groupsToProcess.addAll(nxGroup.getMemberGroups());
> {code}
> With the current behavior,the field allGroups contains all the parent groups
> (but shouldn't).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
