Re: [Ecm] Guest can not read sections content.

Mon, 02 Aug 2010 04:07:46 -0700 

Thanks for the answer. 

The user I published with was member of the group adminstrators, and
hence got access to all the other functionality, but not publish. 

I fixed this by adding a rule explicitly in the db granting
administrators access to "Everything" just like "Administrator" and now
it works as I expect it to :-)


- Kjetil




On Mon, 2010-08-02 at 12:12 +0200, Florent Guillaume wrote:

> If an ACL org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory
> is present it means that the document is actually not yet published
> but just pending publication. You should see an indication about that
> ("This document is waiting for a publication approval") on the
> document.
> A document is not published directly but goes through such an approval
> process when the person doing the initial publication action doesn't
> have sufficient rights ("Write" permission on the section).
> 
> Florent
> 
> On Mon, Aug 2, 2010 at 10:12 AM, Kjetil Nygård <[email protected]> wrote:
> >
> > Hi,
> >
> > I have found out something more. It is not the security model, but rather 
> > something that happens when I publish the documents. I do the publishing as 
> > following:
> >
> > 1. Select all documents in a folder F and "add content to Worklist" 
> > (Clipboard).
> > 2. Select the section S where I want to publish the documents, and use 
> > "Publish here" in the clipboard menu on the left.
> > 3. The documents are published and folder F and Section S has 
> > read-permission for "guest".
> >
> > But when I look in the database I find something like this:
> >
> > nuxeo=# select a.* from acls a join hierarchy h on (h.id=a.id);
> >                   id                  | pos |                               
> >  name                                | grant | permission |     user      | 
> > group
> > --------------------------------------+-----+--------------------------------------------------------------------+-------+------------+---------------+-------
> > 05952865-4afb-4078-8736-84a78af7ea1c |   0 | local                          
> >                                     | t     | Everything | Administrator |
> > 05952865-4afb-4078-8736-84a78af7ea1c |   1 | local                          
> >                                     | t     | Read       | members       |
> > 05952865-4afb-4078-8736-84a78af7ea1c |   2 | local                          
> >                                     | t     | Version    | members       |
> > 34248cb2-9eea-406a-a588-b57e0640e967 |   0 | local                          
> >                                     | t     | Read       | Everyone      |
> > aad32fc2-2326-4352-8d04-7ed2d8bbff0b |   0 | local                          
> >                                     | t     | Everything | guest         |
> > ca657770-cbfb-4c1e-b780-dc17738d4978 |   0 | local                          
> >                                     | f     | Everything | Everyone      |
> > 68666016-62c4-4080-b980-e15032d35dda |   0 | local                          
> >                                     | t     | Read       | guest         |
> > de894e9d-09f3-4f3e-9142-20dea3b2c36d |   0 | local                          
> >                                     | t     | Read       | guest         |
> > 6e08ecb1-8cb4-4653-b167-adcc21094e0f |   0 | local                          
> >                                     | t     | Read       | guest         |
> > 351ace34-8436-47c7-a9a5-75121e3af857 |   0 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     
> > | Read       | Administrator |
> > 351ace34-8436-47c7-a9a5-75121e3af857 |   1 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     
> > | Write      | Administrator |
> > 351ace34-8436-47c7-a9a5-75121e3af857 |   2 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     
> > | Read       | kjetiln       |
> > 351ace34-8436-47c7-a9a5-75121e3af857 |   3 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     
> > | Write      | Everyone      |
> > 351ace34-8436-47c7-a9a5-75121e3af857 |   4 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     
> > | Read       | Everyone      |
> > 649ddd2b-c334-486e-b2d5-354eb68345cb |   0 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     
> > | Read       | Administrator |
> > 649ddd2b-c334-486e-b2d5-354eb68345cb |   1 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     
> > | Write      | Administrator |
> > 649ddd2b-c334-486e-b2d5-354eb68345cb |   2 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | t     
> > | Read       | kjetiln       |
> > 649ddd2b-c334-486e-b2d5-354eb68345cb |   3 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     
> > | Write      | Everyone      |
> > 649ddd2b-c334-486e-b2d5-354eb68345cb |   4 | 
> > org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory | f     
> > | Read       | Everyone      |
> > ... More lines....
> >
> > As you can see from the SQL, there is added revoke permissions on the 
> > documents that I have selected for "Everyone".
> >
> > If I do the following SQL it works again:
> > nuxeo=# delete from acls where 
> > name='org.nuxeo.ecm.platform.publisher.jbpm.CoreProxyWithWorkflowFactory';
> > nuxeo=# select * from nx_vacuum_read_acls();
> > nuxeo=# select nx_update_read_acls();
> >
> > Is this a known bug and is it fixed in 5.3.2?
> >
> >
> > Best regards
> >
> > Kjetil Nygård
> >
> >
> >
> >
> >
> > On Fri, 2010-07-30 at 15:38 +0200, Kjetil Nygård wrote:
> >
> > Hello,
> >
> > I have made some documents in workspace, and given permission to them for 
> > my guest-user to read. And the user can read them.
> >
> > Then I published the documents to /default-domain/sections/my-section. I 
> > granted guest access to read, ReadVersion, Version, and ReadChildren to the 
> > both the section and the workspace folder where the documents are located.
> >
> > Guest can enter both the Folder and the Section. But still I can not see 
> > the documents in the section and I can not search them up with CMIS as the 
> > guest-user. (Admin works fine)
> >
> > What am I doing wrong?
> >
> >
> > Med vennlig hilsen
> >
> > Kjetil Nygård
> > [email protected]
> > Tlf: +47 41 47 43 37
> > MSN: [email protected]
> > Skype: pol-pot78
> >
> >
> >
> > _______________________________________________
> > ECM mailing list
> > [email protected]
> > http://lists.nuxeo.com/mailman/listinfo/ecm
> > To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
> >
> > Med vennlig hilsen
> >
> > Kjetil Nygård
> > [email protected]
> > Tlf: +47 41 47 43 37
> > MSN: [email protected]
> > Skype: pol-pot78
> >
> >
> >
> > _______________________________________________
> > ECM mailing list
> > [email protected]
> > http://lists.nuxeo.com/mailman/listinfo/ecm
> > To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
> >
> 
> 
> 
> --
> Florent Guillaume, Director of R&D, Nuxeo
> Open Source, Java EE based, Enterprise Content Management (ECM)
> http://www.nuxeo.com   http://www.nuxeo.org   +33 1 40 33 79 87


Med vennlig hilsen

Kjetil Nygård
[email protected]
Tlf: +47 41 47 43 37
MSN: [email protected]
Skype: pol-pot78



_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm

Reply via email to