Hi, A follow-up on this is that the same restrictions is added when I publish the documents through the "publish" tab in Nuxeo. But I do not know the details in Nuxeo well enough to know where they are added.
-Kjetil On Mon, 2010-08-02 at 10:12 +0200, Kjetil Nygård wrote: > Hi, > > I have found out something more. It is not the security model, but > rather something that happens when I publish the documents. I do the > publishing as following: > > 1. Select all documents in a folder F and "add content to > Worklist" (Clipboard). > 2. Select the section S where I want to publish the documents, and use > "Publish here" in the clipboard menu on the left. > 3. The documents are published and folder F and Section S has > read-permission for "guest". > > But when I look in the database I find something like this: > > nuxeo=# select a.* from acls a join hierarchy h on (h.id=a.id); > id | pos | > name | grant | permission | user > | group > --------------------------------------+-----+--------------------------------------------------------------------+-------+------------+---------------+------- > 05952865-4afb-4078-8736-84a78af7ea1c | 0 | local > | t | Everything | Administrator | > 05952865-4afb-4078-8736-84a78af7ea1c | 1 | local > | t | Read | members | > 05952865-4afb-4078-8736-84a78af7ea1c | 2 | local > | t | Version | members | > 34248cb2-9eea-406a-a588-b57e0640e967 | 0 | local > | t | Read | Everyone | > aad32fc2-2326-4352-8d04-7ed2d8bbff0b | 0 | local > | t | Everything | guest | > ca657770-cbfb-4c1e-b780-dc17738d4978 | 0 | local > | f | Everything | Everyone | > 68666016-62c4-4080-b980-e15032d35dda | 0 | local > | t | Read | guest | > de894e9d-09f3-4f3e-9142-20dea3b2c36d | 0 | local > | t | Read | guest | > 6e08ecb1-8cb4-4653-b167-adcc21094e0f | 0 | local > | t | Read | guest | > 351ace34-8436-47c7-a9a5-75121e3af857 | 0 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t > | Read | Administrator | > 351ace34-8436-47c7-a9a5-75121e3af857 | 1 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t > | Write | Administrator | > 351ace34-8436-47c7-a9a5-75121e3af857 | 2 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t > | Read | kjetiln | > 351ace34-8436-47c7-a9a5-75121e3af857 | 3 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f > | Write | Everyone | > 351ace34-8436-47c7-a9a5-75121e3af857 | 4 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f > | Read | Everyone | > 649ddd2b-c334-486e-b2d5-354eb68345cb | 0 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t > | Read | Administrator | > 649ddd2b-c334-486e-b2d5-354eb68345cb | 1 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t > | Write | Administrator | > 649ddd2b-c334-486e-b2d5-354eb68345cb | 2 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t > | Read | kjetiln | > 649ddd2b-c334-486e-b2d5-354eb68345cb | 3 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f > | Write | Everyone | > 649ddd2b-c334-486e-b2d5-354eb68345cb | 4 | > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f > | Read | Everyone | > ... More lines.... > > As you can see from the SQL, there is added revoke permissions on the > documents that I have selected for "Everyone". > > If I do the following SQL it works again: > nuxeo=# delete from acls where > name='org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory'; > nuxeo=# select * from nx_vacuum_read_acls(); > nuxeo=# select nx_update_read_acls(); > > Is this a known bug and is it fixed in 5.3.2? > > > Best regards > > Kjetil Nygård > > > > > > On Fri, 2010-07-30 at 15:38 +0200, Kjetil Nygård wrote: > > > > > Hello, > > > > I have made some documents in workspace, and given permission to > > them for my guest-user to read. And the user can read them. > > > > Then I published the documents > > to /default-domain/sections/my-section. I granted guest access to > > read, ReadVersion, Version, and ReadChildren to the both the section > > and the workspace folder where the documents are located. > > > > Guest can enter both the Folder and the Section. But still I can not > > see the documents in the section and I can not search them up with > > CMIS as the guest-user. (Admin works fine) > > > > What am I doing wrong? > > > > > > Med vennlig hilsen > > > > Kjetil Nygård > > [email protected] > > Tlf: +47 41 47 43 37 > > MSN: [email protected] > > Skype: pol-pot78 > > > > > > > > > > > > _______________________________________________ > > ECM mailing list > > [email protected] > > http://lists.nuxeo.com/mailman/listinfo/ecm > > To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm > > > Med vennlig hilsen > > Kjetil Nygård > [email protected] > Tlf: +47 41 47 43 37 > MSN: [email protected] > Skype: pol-pot78 > > > > > _______________________________________________ > ECM mailing list > [email protected] > http://lists.nuxeo.com/mailman/listinfo/ecm > To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm Med vennlig hilsen Kjetil Nygård [email protected] Tlf: +47 41 47 43 37 MSN: [email protected] Skype: pol-pot78
_______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
