  1. Nuxeo Platform
  2. NXP-25705

Sync error when partial permissions on a tree


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 9.10, 10.2
    • Fix Version/s: None
    • Component/s: Nuxeo Drive
    • Backlog priority: 500

      Description

      1. install nuxeo
      2. install drive
      3. create user robert
      4. create a workspace testWorkspace
      5. create 3 folders in it with the following permissions for robert:
        -- testworkspace (READ) (see testWorkspacePerms.png)
        ---- first level (READ by inheritance) (see firstLevelPerms.png)
        ------ second level (none -> blocked) (see secondLevelPerms.png)
        -------- third level (READ) (see thirdLevelPerms.png)
        
      6. drag and drop some files (at least one) on each level
      7. login as robert
      8. enable synchronization on testWorkspace (see testWorkspaceSynched.png)
      9. observe synchronization is also enabled on firstLevel (see firstLevelSynched.png)
      10. observe synchronization is not enabled on thirdLevel (see thirdLevelNoSync.png)
      11. start Drive client
      12. connect as robert
      13. observe only firstLevel and not thirdLevel is detected (see driveClientSync.png) which is the expected behavior
      14. click OK
      15. observe nothing is synched on client side
      16. observe the following stack trace on server side:
        2018-08-31 09:50:48,542 ERROR [http-nio-0.0.0.0-8080-exec-13] [org.nuxeo.ecm.webengine.app.WebEngineExceptionMapper] org.nuxeo.drive.adapter.RootlessItemException: Failed to invoke operation: NuxeoDrive.ScrollDescendants, Failed to invoke operation NuxeoDrive.ScrollDescendants, User robert has no READ access on parent of document /default-domain/workspaces/testWorkspaceSUPNXP23906/firstLevel/secondLevel/thirdLevel (5b2d319a-7ffa-48b7-9384-10c2647772f0).
        org.nuxeo.drive.adapter.RootlessItemException: Failed to invoke operation: NuxeoDrive.ScrollDescendants, Failed to invoke operation NuxeoDrive.ScrollDescendants, User robert has no READ access on parent of document /default-domain/workspaces/testWorkspaceSUPNXP23906/firstLevel/secondLevel/thirdLevel (5b2d319a-7ffa-48b7-9384-10c2647772f0).
        	at org.nuxeo.drive.adapter.impl.DocumentBackedFolderItem.populateAncestorCache(DocumentBackedFolderItem.java:433)
        	at org.nuxeo.drive.adapter.impl.DocumentBackedFolderItem.adaptDocuments(DocumentBackedFolderItem.java:383)
        	at org.nuxeo.drive.adapter.impl.DocumentBackedFolderItem.doScrollDescendants(DocumentBackedFolderItem.java:235)
        	at org.nuxeo.drive.adapter.impl.DocumentBackedFolderItem.scrollDescendants(DocumentBackedFolderItem.java:204)
        	at org.nuxeo.drive.service.impl.FileSystemItemManagerImpl.scrollDescendants(FileSystemItemManagerImpl.java:194)
        	at org.nuxeo.drive.operations.NuxeoDriveScrollDescendants.run(NuxeoDriveScrollDescendants.java:79)
        	at sun.reflect.GeneratedMethodAccessor1137.invoke(Unknown Source)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        	at java.lang.reflect.Method.invoke(Method.java:498)
        	at org.nuxeo.ecm.automation.core.impl.InvokableMethod.doInvoke(InvokableMethod.java:166)
        	at org.nuxeo.ecm.automation.core.impl.InvokableMethod.invoke(InvokableMethod.java:178)
        	at org.nuxeo.ecm.automation.core.impl.OperationChainCompiler$OperationMethod.invoke(OperationChainCompiler.java:151)
        	at org.nuxeo.ecm.automation.core.impl.OperationChainCompiler$CompiledChainImpl.lambda$invoke$0(OperationChainCompiler.java:218)
        	at org.nuxeo.ecm.automation.OperationContext.call(OperationContext.java:328)
        	at org.nuxeo.ecm.automation.OperationContext.callWithChainParameters(OperationContext.java:293)
        	at org.nuxeo.ecm.automation.core.impl.OperationChainCompiler$CompiledChainImpl.invoke(OperationChainCompiler.java:215)
        	at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:115)
        	at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.lambda$run$0(OperationServiceImpl.java:105)
        	at org.nuxeo.ecm.automation.OperationContext.call(OperationContext.java:328)
        	at org.nuxeo.ecm.automation.OperationContext.callWithChainParameters(OperationContext.java:293)
        	at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:105)
        	at org.nuxeo.ecm.automation.server.jaxrs.OperationResource.execute(OperationResource.java:58)
        	at org.nuxeo.ecm.automation.server.jaxrs.ExecutableResource.doPost(ExecutableResource.java:70)
        	at sun.reflect.GeneratedMethodAccessor1084.invoke(Unknown Source)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        	at java.lang.reflect.Method.invoke(Method.java:498)
        

      Expected behavior: the synchronization should be done at workspace and first levels and there should not be any errors.
      The synchronization should not look for deeper levels when the user does not have enough rights or synchronization is not enabled.
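
      The failure and the expected behavior above can be shown on a simplified model of the reported tree. This is an added example, not Nuxeo code: the ACL table, the function names and the use of PermissionError in place of RootlessItemException are assumptions made for illustration.

```python
# Added illustration: a simplified model of the reported tree, not Nuxeo code.
# Constructed ACLs for robert: path -> (local READ grant, inheritance blocked)
ACLS = {
    "/testWorkspace": (True, False),
    "/testWorkspace/firstLevel": (False, False),              # READ by inheritance
    "/testWorkspace/firstLevel/secondLevel": (False, True),   # none, blocked
    "/testWorkspace/firstLevel/secondLevel/thirdLevel": (True, False),
}

def parent(path):
    return path.rsplit("/", 1)[0] or None

def can_read(path):
    """Resolve READ by walking up until a grant or a block is found."""
    while path in ACLS:
        granted, blocked = ACLS[path]
        if granted:
            return True
        if blocked:
            return False
        path = parent(path)
    return False

def flat_scroll(root):
    """Every readable descendant, selected by path prefix only."""
    return sorted(p for p in ACLS if p.startswith(root + "/") and can_read(p))

def strict_sync(root):
    """Resolve each hit's ancestors up to the root; one unreadable parent aborts all."""
    for doc in flat_scroll(root):
        p = parent(doc)
        while p != root:
            if not can_read(p):
                raise PermissionError(f"no READ access on parent of document {doc}")
            p = parent(p)
    return flat_scroll(root)

def pruned_sync(root):
    """Walk top-down and never descend below a folder the user cannot read."""
    synced, stack = [], [root]
    while stack:
        node = stack.pop()
        for child in (p for p in ACLS if parent(p) == node and can_read(p)):
            synced.append(child)
            stack.append(child)
    return sorted(synced)
```

      In this model `strict_sync("/testWorkspace")` raises because thirdLevel is readable while its parent is not, and `pruned_sync` returns only firstLevel without ever reaching secondLevel.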

        Attachments

        1. thirdLevelPerms.png (203 kB)
        2. thirdLevelNoSync.png (170 kB)
        3. testWorkspaceSynched.png (172 kB)
        4. testWorkspacePerms.png (203 kB)
        5. secondLevelPerms.png (196 kB)
        6. firstLevelSynched.png (173 kB)
        7. firstLevelPerms.png (184 kB)
        8. driveClientSync.png (203 kB)


              • Votes: 2
              • Watchers: 4
