Hi,
For my project I need to describe a complicated sets of rules with permissions
applied to tree of documents in relation with tree of groups. Simple case of
situation is:
Documents:
Parent D1 with child D2
User Groups:
Parent G1 with subgroup G2
Permissions (ACEs):
D1: G1:RemoveChildren:true
G2:Read:true
G2:Write:true
D2: G1:Write:true
G1:Read:true
When try to remove D2 as an user member of G2 it works correct - can't delete
G2 (but this is because on D1 G2 has not permissions to remove children).
When I try to remove D2 as an user member of G1 it passes and the document
becomes deleted. In these definitions explicitly is not set nothing about
Remove permission.
Is this correct behavior? Do I have to set explicitly all the rules with true
and false?
Or somehow Remove is in subset of Write and setting Write means also and Remove?
Regards,
Stefan
--
Posted by "[email protected]" at Nuxeo Discussions
<http://nuxeo.org/discussions>
View the complete thread:
<http://www.nuxeo.org/discussions/thread.jspa?threadID=2505#6885>
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
