[NXP-11469] DENY Read Permission on synchronized documents should not be detected as invalid credentials by the client - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.6.0-HF24, 5.7.3
Component/s: Nuxeo Drive

Tags:
- bugday
Backlog priority:
600

Description

If the user looses the Read permission on a previously synchronized documents, some operation will trigger a 401 error that trigger a client side token invalidation.

This should be detected server-side to map to another HTTP code, typically 403 (Forbidden) or an empty JSON response depending on the operations.

Attachments

Issue Links

depends on

NXP-11503 Automation requests with valid credentials but that lacks some permissions on a doc should be mapped to HTTP 403 instead of 401

Resolved

NXP-12493 Automation batch execution returns HTTP 500 instead of 403 in case of a DocumentSecurityException

Resolved

is required by

NXP-11159 As a user, when I remove Read rights from a synchronized folder/workspace, I expect an action on the local folders

Resolved

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Olivier Grisel

Participants:

Antoine Taillefer, Jenkins, Olivier Grisel

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2013-04-25 17:39

Updated:

2013-10-16 18:23

Resolved:

2013-09-16 15:05

Time Tracking

Estimated:

Remaining:

Logged: