If an ACL org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory
is present it means that the document is actually not yet published
but just pending publication. You should see an indication about that
("This document is waiting for a publication approval") on the
document.
A document is not published directly but goes through such an approval
process when the person doing the initial publication action doesn't
have sufficient rights ("Write" permission on the section).

Florent

On Mon, Aug 2, 2010 at 10:12 AM, Kjetil Nygård <[email protected]> wrote:
> Hi,
>
> I have found out something more. It is not the security model, but rather
> something that happens when I publish the documents. I do the publishing as
> following:
>
> 1. Select all documents in a folder F and "add content to Worklist"
>    (Clipboard).
> 2. Select the section S where I want to publish the documents, and use
>    "Publish here" in the clipboard menu on the left.
> 3. The documents are published and folder F and Section S has read-permission
>    for "guest".
>
> But when I look in the database I find something like this:
>
> nuxeo=# select a.* from acls a join hierarchy h on (h.id=a.id);
>                   id                  | pos |                                name                                | grant | permission |     user      | group
> --------------------------------------+-----+--------------------------------------------------------------------+-------+------------+---------------+-------
>  05952865-4afb-4078-8736-84a78af7ea1c |   0 | local                                                              | t     | Everything | Administrator |
>  05952865-4afb-4078-8736-84a78af7ea1c |   1 | local                                                              | t     | Read       | members       |
>  05952865-4afb-4078-8736-84a78af7ea1c |   2 | local                                                              | t     | Version    | members       |
>  34248cb2-9eea-406a-a588-b57e0640e967 |   0 | local                                                              | t     | Read       | Everyone      |
>  aad32fc2-2326-4352-8d04-7ed2d8bbff0b |   0 | local                                                              | t     | Everything | guest         |
>  ca657770-cbfb-4c1e-b780-dc17738d4978 |   0 | local                                                              | f     | Everything | Everyone      |
>  68666016-62c4-4080-b980-e15032d35dda |   0 | local                                                              | t     | Read       | guest         |
>  de894e9d-09f3-4f3e-9142-20dea3b2c36d |   0 | local                                                              | t     | Read       | guest         |
>  6e08ecb1-8cb4-4653-b167-adcc21094e0f |   0 | local                                                              | t     | Read       | guest         |
>  351ace34-8436-47c7-a9a5-75121e3af857 |   0 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     | Read       | Administrator |
>  351ace34-8436-47c7-a9a5-75121e3af857 |   1 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     | Write      | Administrator |
>  351ace34-8436-47c7-a9a5-75121e3af857 |   2 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     | Read       | kjetiln       |
>  351ace34-8436-47c7-a9a5-75121e3af857 |   3 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     | Write      | Everyone      |
>  351ace34-8436-47c7-a9a5-75121e3af857 |   4 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     | Read       | Everyone      |
>  649ddd2b-c334-486e-b2d5-354eb68345cb |   0 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     | Read       | Administrator |
>  649ddd2b-c334-486e-b2d5-354eb68345cb |   1 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     | Write      | Administrator |
>  649ddd2b-c334-486e-b2d5-354eb68345cb |   2 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     | Read       | kjetiln       |
>  649ddd2b-c334-486e-b2d5-354eb68345cb |   3 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     | Write      | Everyone      |
>  649ddd2b-c334-486e-b2d5-354eb68345cb |   4 | org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     | Read       | Everyone      |
> ... More lines....
>
> As you can see from the SQL, there is added revoke permissions on the
> documents that I have selected for "Everyone".
>
> If I do the following SQL it works again:
> nuxeo=# delete from acls where
> name='org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory';
> nuxeo=# select * from nx_vacuum_read_acls();
> nuxeo=# select nx_update_read_acls();
>
> Is this a known bug and is it fixed in 5.3.2?
>
>
> Best regards
>
> Kjetil Nygård
>
>
> On Fri, 2010-07-30 at 15:38 +0200, Kjetil Nygård wrote:
>
> Hello,
>
> I have made some documents in workspace, and given permission to them for my
> guest-user to read. And the user can read them.
>
> Then I published the documents to /default-domain/sections/my-section. I
> granted guest access to read, ReadVersion, Version, and ReadChildren to
> both the section and the workspace folder where the documents are located.
>
> Guest can enter both the Folder and the Section. But still I can not see the
> documents in the section and I can not search them up with CMIS as the
> guest-user. (Admin works fine)
>
> What am I doing wrong?
>
>
> Best regards
>
> Kjetil Nygård
> [email protected]
> Tel: +47 41 47 43 37
> MSN: [email protected]
> Skype: pol-pot78
>
> _______________________________________________
> ECM mailing list
> [email protected]
> http://lists.nuxeo.com/mailman/listinfo/ecm
> To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm

--
Florent Guillaume, Director of R&D, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)
http://www.nuxeo.com   http://www.nuxeo.org   +33 1 40 33 79 87
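
A read-only check for the situation discussed in this thread, added here as an example and not part of the original messages: it lists each document that still carries the publication-workflow ACL, who that ACL grants Read to, and whether it denies Read to "Everyone". It assumes PostgreSQL (the `nuxeo=#` prompt above) and only the `acls` and `hierarchy` columns visible in the quoted output.

```sql
-- Added example (not from the thread): inventory of documents that still
-- carry the publication-workflow ACL, i.e. are pending publication approval.
-- Assumes PostgreSQL and the acls/hierarchy columns shown in the psql output
-- quoted above. "grant", "user" and "group" are reserved words in PostgreSQL,
-- so they must be double-quoted when referenced explicitly.
SELECT a.id AS document_id,
       count(*) AS workflow_aces,
       -- Principals the workflow ACL explicitly allows to read the document.
       -- array_to_string() drops the NULLs produced by the CASE.
       array_to_string(array_agg(
           CASE WHEN a."grant" AND a.permission = 'Read' THEN a."user" END
       ), ', ') AS read_granted_to,
       -- True when the ACL contains the deny entry that hides the document
       -- from everyone not listed above (guest included).
       bool_or(NOT a."grant"
               AND a.permission = 'Read'
               AND a."user" = 'Everyone') AS everyone_read_denied
FROM acls a
JOIN hierarchy h ON h.id = a.id
WHERE a.name = 'org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory'
GROUP BY a.id
ORDER BY a.id;
```

A row with `everyone_read_denied` true matches the pending-publication state Florent describes at the top of the thread.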
