Minor Steps to reproduce:
- log in as an administrator
- create a new user jdoe without any group
- grant Read permission to jdoe on the root of the repository
- log out
- log in as jdoe
- go to the default domain
- select the Sections document
- push the button "Add to Worklist"
- the Sections document is added to jdoe worklist
- log out
- log in as an administrator
- remove Read permisson on the root repository for jdoe
- log out
- try to log in as jdoe
=> this exception is raised: "You don't have the necessary permission to do the requested action."
with the stacktrace
Privilege 'Read' is not granted to 'jdoe' Caused by: org.nuxeo.ecm.core.api.DocumentSecurityException: Privilege 'Read' is not granted to 'jdoe' at org.nuxeo.ecm.core.api.AbstractSession.checkPermission(AbstractSession.java:215) at org.nuxeo.ecm.core.api.AbstractSession.getDocument(AbstractSession.java:934) at org.nuxeo.ecm.webapp.documentsLists.DocumentsListsPersistenceManager.getDocModel(DocumentsListsPersistenceManager.java:171) at org.nuxeo.ecm.webapp.documentsLists.DocumentsListsPersistenceManager.loadPersistentDocumentsLists(DocumentsListsPersistenceManager.java:203) at org.nuxeo.ecm.webapp.documentsLists.BaseDocumentsListsManager.createWorkingList(BaseDocumentsListsManager.java:131) at org.nuxeo.ecm.webapp.documentsLists.DocumentsListsManagerBean.initListManager(DocumentsListsManagerBean.java:74)
