  1. Nuxeo Platform
  2. NXP-27714

Review Web UI elements safeguards and availability based on atomic permissions

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: 9.10
    • Fix Version/s: None
    • Component/s: Web UI
    • Tags:
    • Backlog priority:
      600
    • Upgrade notes:

      To be handled in WEBUI-20 as a 10.10 (partial) backport of NXP-29466.

    • Team:
      UI
    • Sprint:
      nxGang Sprint 11.1.14, UI - 2020-08

      Description

      Our elements check grouped permissions, whereas they should check atomic permissions.

      For instance, our nuxeo-document-form-button.html relies on:

      this.hasPermission(doc, 'Write')
      

      to be available whereas it should check the WriteProperties atomic permission.

      As a direct result, a custom grouped permission that includes WriteProperties will not make the edit button available.

      We have many other use cases that may require a review (including in nuxeo-elements; another ELEMENTS JIRA ticket will probably be needed).

      ~/workspace/nuxeo-web-ui$ find elements/ -name "*.js" | xargs grep "'Write'"
      elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js:          document.contextParameters.permissions.indexOf('Write') > -1 ||
      elements/search/nuxeo-saved-search-actions.js:      ? this.searchDoc.contextParameters.permissions.indexOf('Write') > -1 ||
      elements/nuxeo-results/nuxeo-document-content-behavior.js:      return doc && this.hasPermission(doc, 'Write');
      elements/nuxeo-document-bulk-actions/nuxeo-untrash-documents-button.js:   * Checks if a single given document has 'Write' permission
      elements/nuxeo-document-bulk-actions/nuxeo-untrash-documents-button.js:    return this.hasPermission(document, 'Write');
      elements/nuxeo-document-bulk-actions/nuxeo-delete-documents-button.js:   * Checks if a single given document has 'Everything' permission to delete or 'Write' to trash
      elements/nuxeo-document-bulk-actions/nuxeo-delete-documents-button.js:    return this.hasPermission(document, 'Everything') || (!this.hard && this.hasPermission(document, 'Write'));
      elements/nuxeo-document-attachments/nuxeo-document-attachments.js:      doc && this.hasPermission(doc, 'Write') && !this.isImmutable(doc) && doc.type !== 'Root' && !this.isTrashed(doc)
      elements/nuxeo-note-editor/nuxeo-note-editor.js:    return document.type !== 'Root' && this.hasPermission(document, 'Write') && this._isMutable(document);
      elements/document/nuxeo-collapsible-document-page.js:                readonly="[[!hasPermission(document, 'Write')]]"
      elements/nuxeo-document-actions/nuxeo-replace-blob-button.js:      this.hasPermission(doc, 'Write') &&
      elements/nuxeo-document-actions/nuxeo-document-form-button.js:    return doc && doc.type !== 'Root' && this.hasPermission(doc, 'Write') && this._isMutable(doc);
      elements/nuxeo-publication/nuxeo-unpublish-button.js:    return this.document && this.document.isProxy && this.hasPermission(this.document, 'Write');
      elements/nuxeo-publication/nuxeo-document-publications.js:    return doc && this.hasPermission(doc, 'Write');
      elements/nuxeo-document-versions/nuxeo-document-versions.js:    const permission = !this.isVersion(doc) && this.hasFacet(doc, 'Versionable') && this.hasPermission(doc, 'Write');
      elements/nuxeo-document-versions/nuxeo-document-create-version.js:    return !this.isVersion(doc) && this.hasFacet(doc, 'Versionable') && this.hasPermission(doc, 'Write');
      elements/nuxeo-document-create-button/nuxeo-document-create-button.js:        document.contextParameters.permissions.indexOf('Write') > -1 ||
      elements/nuxeo-document-viewer/nuxeo-document-viewer.js:      doc && this.hasPermission(doc, 'Write') && !this.isImmutable(doc) && doc.type !== 'Root' && !this.isTrashed(doc)
      elements/nuxeo-document-info-bar/nuxeo-document-info-bar.js:        <template is="dom-if" if="[[!hasPermission(document, 'Write')]]">
      elements/nuxeo-document-info-bar/nuxeo-document-info-bar.js:        <template is="dom-if" if="[[hasPermission(document, 'Write')]]">
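
The mismatch described in this ticket, as an added example that is not Nuxeo code: a guard keyed on the grouped `Write` permission hides the edit action from a user whose custom group grants only `WriteProperties`, while a guard keyed on the atomic permission does not. The group composition, the `MetadataEditor` and `Reviewer` names, the helper functions, and the assumption that `contextParameters.permissions` carries the expanded permission set are all constructed for illustration.

```javascript
// Constructed, simplified permission model. Only 'Write' and 'WriteProperties'
// come from the ticket; the group contents are an assumption.
const GROUPS = {
  Write: ['WriteProperties', 'AddChildren', 'RemoveChildren'],
  MetadataEditor: ['WriteProperties'], // hypothetical custom grouped permission
  Reviewer: ['MetadataEditor'],        // hypothetical group nesting another group
};

// Expand granted names into every permission they transitively include.
function effectivePermissions(granted, groups = GROUPS) {
  const seen = new Set();
  const stack = [...granted];
  while (stack.length) {
    const name = stack.pop();
    if (seen.has(name)) continue; // guards against cyclic group definitions
    seen.add(name);
    stack.push(...(groups[name] || []));
  }
  return [...seen].sort();
}

// Build a document shaped like the ones read by the checks in the grep output.
function docFor(granted) {
  return { type: 'File', contextParameters: { permissions: effectivePermissions(granted) } };
}

// Stand-in for the membership test (same shape as the indexOf(...) > -1 checks).
function hasPermission(doc, name) {
  const perms = doc && doc.contextParameters && doc.contextParameters.permissions;
  return Array.isArray(perms) && perms.indexOf(name) > -1;
}

// Current guard: keyed on the grouped permission.
const canEditGrouped = (doc) => hasPermission(doc, 'Write');
// Guard the ticket asks for: keyed on the atomic permission.
const canEditAtomic = (doc) => hasPermission(doc, 'WriteProperties');

// Evaluate both guards for a user holding the given permissions.
function compare(granted) {
  const doc = docFor(granted);
  return { grouped: canEditGrouped(doc), atomic: canEditAtomic(doc) };
}
```

`compare(['MetadataEditor'])` is the case from the ticket: the grouped guard is false although the user can write properties.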
      

    People

    • Votes: 0
    • Watchers: 5

    Time Tracking

    • Estimated: 0m
    • Remaining: 0m
    • Logged: 30m