Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25828

Improve external permissions experience dealing with multiple items

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 8.10, 9.10, 10.2
    • Fix Version/s: 8.10-HF40, 9.10-HF24, 10.3
    • Component/s: Share UI
    • Release Notes Summary:
      Improved username unicity
    • Tags:
    • Backlog priority:
      800
    • Upgrade notes:
      Hide

      Since 8.10-HF40 and 9.10-HF24

      A new configuration property nuxeo.transient.username.unique is available to define if a computed transient username should be unique no matter what base username is provided, or if it should be always the same for a given base username.
      Having always the same transient username for a given base username allows to generate only one token for a given email when giving permission to an external user: that means if you invite the same external user on 2 documents, he won't have to log out from the first document to see the second one.
      It defaults to true for backward compatibility.

      To disable the uniqueness of the transient username computation, use the following contribution:

      <require>org.nuxeo.ecm.core.api.properties</require>
      <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
        <property name="nuxeo.transient.username.unique">false</property>
      </extension>
      

      Since 10.3

      A computed transient username is now always the same for a given base username, so only one token is generated for a given email when giving permission to an external user: that means if you invite the same external user on 2 documents, he won't have to log out from the first document to see the second one.

      To enable back the uniqueness of the transient username computation, use the following contribution:

      <require>org.nuxeo.ecm.core.api.properties</require>
      <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
        <property name="nuxeo.transient.username.unique">true</property>
      </extension>
      
      Show
      Since 8.10-HF40 and 9.10-HF24 A new configuration property nuxeo.transient.username.unique is available to define if a computed transient username should be unique no matter what base username is provided, or if it should be always the same for a given base username. Having always the same transient username for a given base username allows to generate only one token for a given email when giving permission to an external user: that means if you invite the same external user on 2 documents, he won't have to log out from the first document to see the second one. It defaults to true for backward compatibility. To disable the uniqueness of the transient username computation, use the following contribution: <require>org.nuxeo.ecm.core.api.properties</require> <extension target= "org.nuxeo.runtime.ConfigurationService" point= "configuration" > <property name= "nuxeo. transient .username.unique" > false </property> </extension> Since 10.3 A computed transient username is now always the same for a given base username, so only one token is generated for a given email when giving permission to an external user: that means if you invite the same external user on 2 documents, he won't have to log out from the first document to see the second one. To enable back the uniqueness of the transient username computation, use the following contribution: <require>org.nuxeo.ecm.core.api.properties</require> <extension target= "org.nuxeo.runtime.ConfigurationService" point= "configuration" > <property name= "nuxeo. transient .username.unique" > true </property> </extension>
    • Sprint:
      nxfit 10.10.1, nxfit 10.10.2, nxfit 10.10.3
    • Story Points:
      3

      Description

      Setting a permission on an asset for an external user works nice when there's only one asset in scope but not when more than one asset is to be shared with a recipient.

      For example, on a Nuxeo repo with assets apple, banana and carrot

      • go to each asset and assign permission to an external user
      • recipient will get one mail per asset, each with its own authorization token
      • open the URL in the first mail, will login to Nuxeo with the auth token, asset is viewable and downloadable
      • open the URL in the second mail, You don't have the necessary permission to do the requested action. is displayed in the browser
      • Logout, try the second URL again, login now works, asset is viewable and downloadable

        Attachments

          Activity

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days
                2d