Re: [Ecm] Guest can not read sections content.

Kjetil Nygård Mon, 02 Aug 2010 01:12:14 -0700

Hi,

I have found out something more. It is not the security model, but
rather something that happens when I publish the documents. I do the
publishing as following:


1. Select all documents in a folder F and "add content to
Worklist" (Clipboard).
2. Select the section S where I want to publish the documents, and use
"Publish here" in the clipboard menu on the left.
3. The documents are published and folder F and Section S has
read-permission for "guest".

But when I look in the database I find something like this:

nuxeo=# select a.* from acls a join hierarchy h on (h.id=a.id);
                  id                  | pos |
name                                | grant | permission |     user
| group 
--------------------------------------+-----+--------------------------------------------------------------------+-------+------------+---------------+-------
 05952865-4afb-4078-8736-84a78af7ea1c |   0 | local
| t     | Everything | Administrator | 
 05952865-4afb-4078-8736-84a78af7ea1c |   1 | local
| t     | Read       | members       | 
 05952865-4afb-4078-8736-84a78af7ea1c |   2 | local
| t     | Version    | members       | 
 34248cb2-9eea-406a-a588-b57e0640e967 |   0 | local
| t     | Read       | Everyone      | 
 aad32fc2-2326-4352-8d04-7ed2d8bbff0b |   0 | local
| t     | Everything | guest         | 
 ca657770-cbfb-4c1e-b780-dc17738d4978 |   0 | local
| f     | Everything | Everyone      | 
 68666016-62c4-4080-b980-e15032d35dda |   0 | local
| t     | Read       | guest         | 
 de894e9d-09f3-4f3e-9142-20dea3b2c36d |   0 | local
| t     | Read       | guest         | 
 6e08ecb1-8cb4-4653-b167-adcc21094e0f |   0 | local
| t     | Read       | guest         | 
 351ace34-8436-47c7-a9a5-75121e3af857 |   0 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t
| Read       | Administrator | 
 351ace34-8436-47c7-a9a5-75121e3af857 |   1 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t
| Write      | Administrator | 
 351ace34-8436-47c7-a9a5-75121e3af857 |   2 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t
| Read       | kjetiln       | 
 351ace34-8436-47c7-a9a5-75121e3af857 |   3 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f
| Write      | Everyone      | 
 351ace34-8436-47c7-a9a5-75121e3af857 |   4 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f
| Read       | Everyone      | 
 649ddd2b-c334-486e-b2d5-354eb68345cb |   0 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t
| Read       | Administrator | 
 649ddd2b-c334-486e-b2d5-354eb68345cb |   1 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t
| Write      | Administrator | 
 649ddd2b-c334-486e-b2d5-354eb68345cb |   2 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t
| Read       | kjetiln       | 
 649ddd2b-c334-486e-b2d5-354eb68345cb |   3 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f
| Write      | Everyone      | 
 649ddd2b-c334-486e-b2d5-354eb68345cb |   4 |
org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f
| Read       | Everyone      | 
... More lines....

As you can see from the SQL, there is added revoke permissions on the
documents that I have selected for "Everyone". 

If I do the following SQL it works again:
nuxeo=# delete from acls where
name='org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory';
nuxeo=# select * from nx_vacuum_read_acls();
nuxeo=# select nx_update_read_acls();

Is this a known bug and is it fixed in 5.3.2?


Best regards

Kjetil Nygård





On Fri, 2010-07-30 at 15:38 +0200, Kjetil Nygård wrote:

> 
> Hello,
> 
> I have made some documents in workspace, and given permission to them
> for my guest-user to read. And the user can read them.
> 
> Then I published the documents to /default-domain/sections/my-section.
> I granted guest access to read, ReadVersion, Version, and ReadChildren
> to the both the section and the workspace folder where the documents
> are located. 
> 
> Guest can enter both the Folder and the Section. But still I can not
> see the documents in the section and I can not search them up with
> CMIS as the guest-user. (Admin works fine)
> 
> What am I doing wrong? 
> 
> 
> Med vennlig hilsen
> 
> Kjetil Nygård
> [email protected]
> Tlf: +47 41 47 43 37
> MSN: [email protected]
> Skype: pol-pot78
> 
> 
> 
> 
> _______________________________________________
> ECM mailing list
> [email protected]
> http://lists.nuxeo.com/mailman/listinfo/ecm
> To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm


Med vennlig hilsen

Kjetil Nygård
[email protected]
Tlf: +47 41 47 43 37
MSN: [email protected]
Skype: pol-pot78

_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm

Re: [Ecm] Guest can not read sections content.

Reply via email to