I understand the need to be backward compatible.

I've contributed the following extension point for having the 3 privileges on the sections: reader, publisher and validator.

<?xml version="1.0"?>
<component name="acaren.publishing.permissions.contrib">

 <require>org.nuxeo.ecm.platform.publishing.permissions.contrib</require>

 <extension target="org.nuxeo.ecm.core.security.SecurityService"
   point="permissions">
   <permission name="Read">
     <remove>CanAskForPublishing</remove>
   </permission>
   <permission name="Write">
     <include>CanAskForPublishing</include>
   </permission>
 </extension>
</component>

Olivier
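
Added example, not part of the original message and not Nuxeo code: a simplified Python model of how the override above changes which grants on a section imply "CanAskForPublishing". The baseline definitions are constructed from what the thread states ("Read" includes "CanAskForPublishing"); "ReadWrite" including "Read" and "Write", and the order-dependent include/remove merge, are assumptions of this model.

```python
# Simplified model of compound permissions merged from XML contributions.
# Not Nuxeo code: the include/remove merge semantics here are an assumption.
import xml.etree.ElementTree as ET

# Constructed baseline: the thread says "Read" includes "CanAskForPublishing";
# "ReadWrite" including "Read" and "Write" is an assumption.
BASELINE = """<extension>
  <permission name="CanAskForPublishing"/>
  <permission name="Read"><include>CanAskForPublishing</include></permission>
  <permission name="Write"/>
  <permission name="ReadWrite"><include>Read</include><include>Write</include></permission>
</extension>"""

# The override posted in the message above (extension body only).
OVERRIDE = """<extension>
  <permission name="Read"><remove>CanAskForPublishing</remove></permission>
  <permission name="Write"><include>CanAskForPublishing</include></permission>
</extension>"""

def merge(*contribs):
    """Apply contributions in order; return {permission: set of direct includes}."""
    includes = {}
    for xml_text in contribs:
        for perm in ET.fromstring(xml_text).iter("permission"):
            direct = includes.setdefault(perm.get("name"), set())
            for child in perm:
                if child.tag == "include":
                    direct.add(child.text.strip())
                elif child.tag == "remove":
                    direct.discard(child.text.strip())
    return includes

def expand(includes, granted):
    """Transitively expand a granted permission into everything it implies."""
    seen, stack = set(), [granted]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(includes.get(p, ()))
    return seen

def can_ask(includes, granted):
    """True if holding `granted` on a section implies CanAskForPublishing."""
    return "CanAskForPublishing" in expand(includes, granted)

if __name__ == "__main__":
    for label, model in (("before", merge(BASELINE)), ("after", merge(BASELINE, OVERRIDE))):
        print(label, {g: can_ask(model, g) for g in ("Read", "Write", "ReadWrite")})
```

In this model, a "ReadWrite" grant still implies "CanAskForPublishing" after the override, now through "Write" rather than "Read".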


Radu Ux D. wrote:
I want to clarify a thing. The "Read" and "CanAskForPublishing" rights here are the rights on *section* and *not* on document. A "reader" (in my understanding: user having rights on the normal document) has no privilege whatsoever in the publishing as long as the user has no rights on sections. In order to be able to publish you need to grant rights on section (the place where document is published). Previously, the users with "Read" permission had also the right to publish there. In order to maintain this backward compatible (as Florent said) the permission to publish is included. What is the reason a section reader can also publish there (in fact, can ask for publishing there)? Well, not sure but it looks alright to me, and it comes from back times.

HTH, Radu

Olivier Adam wrote:
Hi all

+1 with Raymond

The "Read" permission shouldn't include the "CanAskForPublishing" permission.

We need to add the "CanAskForPublishing" permission only for the publishers, not for all users that have only the "Right" to read (the readers).

The "ReadWrite" permission is attributed to the validators. It should include the "CanAskForPublishing" permission.

Olivier




Catalin Baican wrote:
Hi, Raymond

The things you're pointing out were the subject of this task: http://jira.nuxeo.org/browse/NXP-3331. So "CanAskForPublishing" permission was included in "Read" permission in order for a user which has "Read" permission for a section to be able to ask for publication in that section. And also, if a user doesn't have "Read" permission for a section, but has "CanAskForPublishing" permission for it, she'll be able to ask for publication even if she doesn't have "Read" permissions.

C.

Raymond Bourges wrote:
Hi,

I have some tests with Nuxeo DM 5.2.

By default, a user is authorized to read "Sections".

As CanAskForPublishing permission is included in Read permission, any user can request to publish!

I don't understand what is the usefulness of having ability to assign CanAskForPublishing permission on sections as I must at least have the Read permission for navigating in sections where I want to publish.

In my point of view, this seems better:

1) The code (getCanPublishToSection function) that displays (or not) the "publish here" button is displayed if user has the CanAskForPublishing permission OR write permission (and not just CanAskForPublishing as now).

2) Read permission should not include the CanAskForPublishing permission.

What do you think about this?

Thanks.
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
