Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-14450 Redesign how recursive deletes are handled
  3. NXP-14075

Make BulkLifeCycleChangeListener better manage security checks.

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: QualifiedToSchedule
    • Component/s: Core

      Description

      Context

      BulkLifeCycleChangeListener is used to apply lifecycle changes on a sub tree.

      As a result : it is used when putting a Document to trash or restoring it.

      As reported in SUPNXP-9785, with the current system, you can end up putting in trash a subtree containing folders that you don't have access to.

      This can be seen as a problem.

      Approach

      To solve this we can not do a full tree pre-check : this would be too slow.

      However, an option could be to do the LifeCycle transition from bottom to up and checking security "on behalf" of users for each node.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: