[NXP-17225] As an administrator, I'd like to invite Nuxeo external user to a specific document - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: User story
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 8.1
Component/s: JSF/Polymer Integration, Security / Rights

Epic Link:
Extended ACLs
Tags:
Sprint:
TGV 11
Story Points:
20

Description

Leverage nuxeo-platform-login-token to handle authentication.

Add a notion of "virtual" principal:

virtual if the username starts with virtualuser:.
add NuxeoPrincipal#isVirtual()
Make the UserManager creates a transient principal when retrieving a Principal based on a virtual username

When a temporary ACE is created:

compute a virtual username based on the given username + doc id + reponame (virtualuser:troger@nuxeo.com_docid_reponame)
find a separator token that can't be used in a default username (so that we can split on it to retrieve the document / email)
register a new token on nuxeo-platform-login-token for that username

When notifying a virtual user for a given rights, add the token in the URL so that the user can be logged in.

Attachments

Issue Links

is required by

NXP-25828 Improve external permissions experience dealing with multiple items

Resolved

Options

Sub-Tasks

There are no Sub-Tasks for this issue.

Activity

People

Assignee:

Thomas Roger

Reporter:

Vladimir Pasquier

Participants:

Jenkins, Thomas Roger, Vladimir Pasquier

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2015-06-04 14:34

Updated:

2020-11-03 19:33

Resolved:

2015-12-16 14:31