Hi Antonio, Yes, I think that makes sense.
Karl On Thu, Mar 26, 2015 at 12:51 PM, Antonio David Perez Morales < [email protected]> wrote: > Hi Karls > > Thanks for your response. > > So it makes sense to change that behavior in the future, so, "no" > authority group will mean "no adding ACLs" instead of no prepending > anything on the specific ACL, right? > > Regards > > On Thu, Mar 26, 2015 at 5:36 PM, Karl Wright <[email protected]> wrote: > >> Hi Antonio, >> >> A repository connector does not build its RepositoryDocument objects >> based on its ManifoldCF environment. To do that would be a challenge, and >> probably would introduce dependencies we really don't want. >> >> The access tokens themselves get qualified by the authority group name by >> the output connector. It's done by calling a qualification method in >> IOutputAddActivity. For historical reasons, that method chooses to >> interpret *no* authority group as meaning *no* qualification of tokens. >> The historical reason is deprecated but we never changed the behavior. >> Even so, you'd need to change the way the output connectors themselves >> behave if you want to change this. So it can't be done globally without >> breaking backwards compatibility, until MCF 3.0. >> >> Thanks, >> Karl >> >> >> On Thu, Mar 26, 2015 at 12:00 PM, Antonio David Perez Morales < >> [email protected]> wrote: >> >>> Hi all >>> >>> When using ManifoldCF, we are facing a strange behavior when disabling >>> authorities for a repository connection. Let me explain the steps: >>> >>> 1. Configure Alfresco repository connection with an authority group >>> using an Alfresco Authority Connection >>> 2. Configure Solr Output Connector >>> 3. Create a job using the repository and authority connections just >>> configured >>> 4. Execute the job to index the content >>> >>> After that, I can see in Solr the proper documents with the right >>> permissions. After that, I do the following: >>> >>> 1. Remove the authority group for the repository connection (using >>> "None" and saving) >>> 2. Delete the job (documents are deleted) >>> 3. Create another job with the same configuration for repository and >>> output connections >>> 4. Execute the job >>> >>> After that, I can see again in Solr the documents with the permissions. >>> >>> After checking the source code of both, Alfresco repository (or any >>> repository connector with permission capabilities) simply creates a >>> RepositoryDocument for each document to process and adds the specific ACLs >>> for the specific permission type (document, share, parent, directory_). The >>> output connector (at least Solr Output Connector) takes the repository >>> document ACLs and builds the specific Solr fields for permissions. >>> >>> I was expecting that since the base repository connector is the one >>> which manages the authority group for the repository, it (or Manifold >>> framework) should manage that to take the ACLs of the repository document >>> into account or not before being passed to the output connector (or >>> transformation connections if any). I mean I was expecting that if you put >>> none as authority group for a repository connection, then the base >>> repository connection or the framework should skip the ACLs set and put >>> no_security. >>> >>> Am I missing something or it is a real bug? if it is a bug I could fix >>> it and send a patch, but for that I would like to know what component is >>> the responsible to do that or if the framework should be changed. >>> >>> regards >>> >>> ------------------------------ >>> This message should be regarded as confidential. If you have received >>> this email in error please notify the sender and destroy it immediately. >>> Statements of intent shall only become binding when confirmed in hard copy >>> by an authorised signatory. >>> >>> Zaizi Ltd is registered in England and Wales with the registration >>> number 6440931. The Registered Office is Brook House, 229 Shepherds Bush >>> Road, London W6 7AN. >>> >> >> > > ------------------------------ > This message should be regarded as confidential. If you have received this > email in error please notify the sender and destroy it immediately. > Statements of intent shall only become binding when confirmed in hard copy > by an authorised signatory. > > Zaizi Ltd is registered in England and Wales with the registration number > 6440931. The Registered Office is Brook House, 229 Shepherds Bush Road, > London W6 7AN. >
