Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-22252

Fix the listing of a section with CMIS when a document has been modified since the publishing

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 7.10-HF08, 8.10
    • Fix Version/s: 7.10-HF26, 8.10-HF08, 9.2
    • Component/s: CMIS

      Description

      Listing the content of a section fails with CMIS API if at least one of its child (proxy) targets a live document which is checked out.

      Steps to reproduce

      1. Add the following line in nuxeo.conf to enable proxy usage in CMIS 
        org.nuxeo.cmis.proxies=true
      2. As an administrator, create a user named cmis-user
      3. Grant Read permission to cmis-user on the root of the repository
      4. Deny Read permission to cmis-user on the root of the workspaces, or block the right inheritance
      5. Create a section under the root of sections
      6. Create a document, publish it to the newly created section and modify the document to be in version 0.1+
      7. As cmis-user, open CMIS Workbench and connect with cmis-user credentials to http://localhost:8080/nuxeo/json/cmis (Browser binding)
      8. Browse the repository to the previously created section

      An error is displayed, saying that Read permission is denied.

      The corresponding stacktrace is

      [http-bio-127.0.0.1-8080-exec-45] [org.nuxeo.ecm.core.opencmis.bindings.NuxeoCmisServiceWrapper] org.nuxeo.ecm.core.api.DocumentSecurityException: Privilege 'Read' is not granted to 'cmis-user'
org.nuxeo.ecm.core.api.DocumentSecurityException: Privilege 'Read' is not granted to 'highspot'
	at org.nuxeo.ecm.core.api.AbstractSession.checkPermission(AbstractSession.java:207)
	at org.nuxeo.ecm.core.api.AbstractSession.getWorkingCopy(AbstractSession.java:1831)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoPropertyData$NuxeoPropertyDataVersionSeriesCheckedOutId.getFirstValue(NuxeoPropertyData.java:911)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoPropertyData$NuxeoPropertyDataVersionSeriesCheckedOutId.getFirstValue(NuxeoPropertyData.java:898)
	at org.apache.chemistry.opencmis.commons.impl.server.AbstractCmisService.getIdProperty(AbstractCmisService.java:1359)
	at org.apache.chemistry.opencmis.commons.impl.server.AbstractCmisService.getObjectInfoIntern(AbstractCmisService.java:1185)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoCmisService.getObjectInfo(NuxeoCmisService.java:1022)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoCmisService.getObjectInfo(NuxeoCmisService.java:1011)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoCmisService.collectObjectInfo(NuxeoCmisService.java:1044)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoCmisService.getChildrenInternal(NuxeoCmisService.java:1722)
	at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoCmisService.getChildren(NuxeoCmisService.java:1672)

      After enabling the DEBUG log for CoreSession, it appears that the permission is denied on the Workspace document.

        Attachments

          Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. NXP-22253 Fix object not found exception when accessing to a proxy with CMIS

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 hours
                  4h