[NXP-14675] UserProfile should not be "World readable" in multi-tenant. - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Sub-task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.9.5
Component/s: Multitenancy support, User Profile / User Manager

Description

The UserProfile is created with a "World readable" ACL :

<document repository="default" id="56eefb3d-...">
  <system>
    <type>UserProfile</type>
    <path>tdelprat/1323963682791</path>
    <lifecycle-state>undefined</lifecycle-state>
    <lifecycle-policy>undefined</lifecycle-policy>
    <facet>UserProfile</facet>
    <facet>HiddenInNavigation</facet>
    <access-control>
      <acl name="local">
        <entry principal="Everyone" permission="Read" grant="true"/>
      </acl>
      <acl name="inherited">
        <entry principal="tdelprat" permission="Everything" grant="true"/>
        <entry principal="Everyone" permission="Everything" grant="false"/>
      </acl>
    </access-control>
  </system>
...

In the case of multi-tenant, we should use the Tenant group to restrict this ACL.

https://github.com/nuxeo/nuxeo-user-center/blob/master/nuxeo-user-profile/src/main/java/org/nuxeo/ecm/user/center/profile/UserProfileServiceImpl.java

The problem is actually more global and not specifically bound to the UserProfile.
=> add a listener in multi-tenant to dynamically update the ACLs to enforce Tenant group restriction

Attachments

Issue Links

depends on

NXP-14681 Synchonous eventlistener on "beforeDocumentSecurityModification" should be able to alter ACP

Resolved

Activity

People

Assignee:

Thierry Delprat

Reporter:

Thierry Delprat

Participants:

Jenkins, Thierry Delprat

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2014-07-01 00:02

Updated:

2014-07-02 14:58

Resolved:

2014-07-02 14:58