Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-26505

Picture rotation buttons available with read-only rights

    XMLWordPrintable

    Details

    • Release Notes Summary:
        Picture rotation buttons is available only with Write permission.
    • Tags:
    • Backlog priority:
      400
    • Upgrade notes:
      Hide

      Picture rotation buttons is available only for write rights.

      Show
      Picture rotation buttons is available only for write rights.
    • Sprint:
      nxfit 11.1.6, nxfit 11.1.7
    • Story Points:
      3

      Description

      1. install Nuxeo
      2. install nuxeo-jsf-ui
      3. install nuxeo-dam
      4. login to Nuxeo as Administrator
      5. create a user named robert
      6. create a workspace
      7. create a Picture document and attach a picture file to it
      8. give Read permissions to the robert user
      9. copy the permalink
      10. logout
      11. paste the permalink in the browser
      12. login as robert user
      13. observe the rotation buttons are visible
      14. click a button (rotate left or right)
      15. observe the following error being displayed:
        Privilege 'WriteProperties' is not granted to 'robert'
        
                        javax.servlet.ServletException: On requestURL: http://localhost:8080/nuxeo/view_documents.faces
        	at org.nuxeo.ecm.platform.ui.web.rest.FancyURLFilter.doFilter(FancyURLFilter.java:140)
        	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        	at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoRequestControllerFilter.doFilter(NuxeoRequestControllerFilter.java:148)
        	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        	at org.nuxeo.ecm.webdav.service.WIRequestFilter.doFilter(WIRequestFilter.java:61)
        	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        

      A read-only user should not see the buttons since they modify the document by rotating the attached picture and thus performing a write operation.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day
                1d

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.