[NXP-27893] ReadOnly user can add directories as Target Document without Write permissions to them - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: ADDONS_10.10
Component/s: Aspera Connector

Tags:
- test_scenario
Team:
NOS
Sprint:
NOS 11.1.16 - 2019-08 2, NOS 11.1.17 - 2019-09 1

Description

After adding read only permissions to a user in one domain, when we login with that user we can use the Nuxeo Upload with Aspera and upload a file to webui and give permissions to other users to see that document

How to reproduce:

With Admin create a user and give Read Only permission in the Domain to it
login with Read Only user
go to Nuxeo Upload with Aspera
upload a document adding a workspace in the Domain as a Target Document(error - with Read Permissions you shouldn't be able to choose directories besides your own userWorkspace)
edit the rest of the metadata
complete transfer - operation fails with message:
Failed to invoke operation FileManager.Import, Not enough rights to create folder --->(should fail early)

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

editTransfer.png
229 kB
2019-08-14 14:11

Activity

People

Assignee:

Vladimir Pasquier

Reporter:

Fábio Santos

Participants:

Fábio Santos, Support Tech User, Vladimir Pasquier

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2019-08-14 14:05

Updated:

2020-08-03 20:50

Resolved:

2019-09-05 10:26

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: