Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-15563

Update default permissions to handle removal of deny rights

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0
    • Fix Version/s: 6.0
    • Component/s: Security / Rights
    • Tags:
    • Impact type:
      Data Persistence Change
    • Upgrade notes:
      Hide

      Permission CanAskForPublishing is no more included in Read.

      For existing repositories, CanAskForPublishing has to be assigned explicitly on the Sections root.

      Show
      Permission CanAskForPublishing is no more included in Read. For existing repositories, CanAskForPublishing has to be assigned explicitly on the Sections root.
    • Sprint:
      Sprint RepoTeam 5.9.5-2

      Description

      The current permissions:

      • Read -> includes CanAskForPublishing
      • Write -> includes Remove

      This is a problem if rights cannot be denied, as this is not possible anymore (without configuration) to:

      • deny the CanAskForPublishing right on the SectionRoot (usually to deny it for the members group)
      • deny the Remove right to someone having access to a Workspace.

      Possible solution:

      • Create WriteWithoutRemove and ReadWithoutPublishing rights -> does not break compatibility, handles the removal of denied rights properly.

        Attachments

          Issue Links

          is required by

          Bug - A problem which impairs or prevents the functions of the product. NXP-15834 Denying "Can ask for publish" permission has no effect

          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: