- Type: Bug
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 10.10
- Fix Version/s: QualifiedToSchedule
- Component/s: Authentication
- Tags:
In Studio Modeler, define XML Extension:
<extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">
  <permission name="Admin">
    <include>Everything</include>
  </permission>
</extension>
<extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissionsVisibility">
  <visibility>
    <item order="10" show="true">Read</item>
    <item order="20" show="true">ReadWrite</item>
    <item order="99" show="true">Admin</item>
    <item order="100" show="true">Everything</item>
  </visibility>
</extension>
In Web UI, log in as Administrator and create a new Document (e.g. File), block permissions inheritance and create the following local ACLs:

User/Group   Right   Time Frame
John         Admin   Permanent
John         Read    Permanent   (<- this is only required because of this bug)

Log in as user John and export JSON of the document.
Actual result:
...
"permissions": [
  "ReadProperties", "ReadSecurity", "ReadVersion", "Read", "Everything",
  "ReadChildren", "ReadLifeCycle", "ReviewParticipant", "Admin", "Browse"
]
Expected result:
...
"permissions": [
  "Write", "Archive", "WriteVersion", "CraftLibrarian", "ReadProperties",
  "LiteUser", "ReadCanCollect", "ReadDownloadHighRes", "DownloadLowRes",
  "ReadWriteDownloadHighRes", "ReadSecurity", "Remove", "ReadVersion", "Read",
  "StandardUser", "WriteLifeCycle", "Everything", "ReadDownloadLowRes",
  "Moderate", "Version", "ManageLegalHold", "DownloadArchived", "Librarian",
  "MakeRecord", "ReadChildren", "AddChildren", "Comment", "ReadLifeCycle",
  "RemoveChildren", "DataVisualization", "ReviewParticipant", "DownloadHighRes",
  "Unlock", "CanAskForPublishing", "RestrictedRead", "ReadWrite",
  "DomainUploader", "Admin", "ReadRemove", "ProjectUploader", "Browse",
  "SetRetention", "ViewOnlyUser", "WriteProperties", "ReadWriteDownloadLowRes",
  "WriteSecurity", "ManageWorkflows", "RestrictedUser"
]
(this JSON exported as Administrator)
The Admin permission group should expand "Everything" as included.
A workaround is to include all the atomic permissions in the Admin permissions group in the XML contribution.
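
A check for the missing expansion described above, as an added example that is not part of the original report or of Nuxeo's code: it parses the `permissions` contribution, expands the granted groups transitively (treating `Everything` as the full permission set, as the expected result implies), and lists what an exported `permissions` array lacks. The permission set and export fragment are constructed, shortened samples, and the function names are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

# The report's "permissions" contribution; the <component> wrapper is constructed.
CONTRIB = """<component>
<extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">
  <permission name="Admin"><include>Everything</include></permission>
</extension>
</component>"""

# Constructed, shortened stand-in for the full list an Administrator export shows.
ALL_PERMISSIONS = {"Read", "Browse", "ReadProperties", "Write",
                   "WriteSecurity", "Remove", "Everything", "Admin"}

# Constructed export fragment for John, shaped like the report's actual result.
JOHN_EXPORT = '{"permissions": ["ReadProperties", "Read", "Everything", "Admin", "Browse"]}'


def load_groups(xml_text):
    """Map each <permission name=...> to the set of names it <include>s."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): {i.text.strip() for i in p.findall("include")}
            for p in root.iter("permission")}


def expand(granted, groups, all_permissions):
    """Transitive closure of granted names; 'Everything' pulls in every permission."""
    seen, todo = set(), list(granted)
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        todo.extend(all_permissions if name == "Everything" else groups.get(name, ()))
    return seen


def missing_permissions(export_json, granted, groups, all_permissions):
    """Permissions the local ACL should resolve to but the export does not list."""
    actual = set(json.loads(export_json)["permissions"])
    return sorted(expand(granted, groups, all_permissions) - actual)


if __name__ == "__main__":
    groups = load_groups(CONTRIB)
    print(missing_permissions(JOHN_EXPORT, {"Admin", "Read"}, groups, ALL_PERMISSIONS))
```

An empty result means the export matches the expanded ACL; any names returned are permissions the user was granted through the group but does not effectively hold.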