Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-28682

"Everything" permission not expanded in a custom permissions group

    Details

      Description

      In Studio Modeler, define XML Extension:

      <extension
        target="org.nuxeo.ecm.core.security.SecurityService"
        point="permissions">
        <permission name="Admin">
          <include>Everything</include>
        </permission>
      </extension>
      
      <extension
        target="org.nuxeo.ecm.core.security.SecurityService"
        point="permissionsVisibility">
        <visibility>
          <item order="10"  show="true">Read</item>
          <item order="20"  show="true">ReadWrite</item>
          <item order="99"  show="true">Admin</item>
          <item order="100" show="true">Everything</item>
        </visibility></extension>
      

      In Web UI, login as Administrator and create a new Document (e.g. File), block permissions inheritance and create the following local ACLs:

      User/Group  Right  Time Frame
      John        Admin  Permanent
      John        Read   Permanent      (<- this only required because of this bug)

      Login as user John and export JSON of the document.

      Actual result:

      ...
          "permissions": [
            "ReadProperties",
            "ReadSecurity",
            "ReadVersion",
            "Read",
            "Everything",
            "ReadChildren",
            "ReadLifeCycle",
            "ReviewParticipant",
            "Admin",
            "Browse"
          ]

      Expected result:

      ...
          "permissions": [
            "Write",
            "Archive",
            "WriteVersion",
            "CraftLibrarian",
            "ReadProperties",
            "LiteUser",
            "ReadCanCollect",
            "ReadDownloadHighRes",
            "DownloadLowRes",
            "ReadWriteDownloadHighRes",
            "ReadSecurity",
            "Remove",
            "ReadVersion",
            "Read",
            "StandardUser",
            "WriteLifeCycle",
            "Everything",
            "ReadDownloadLowRes",
            "Moderate",
            "Version",
            "ManageLegalHold",
            "DownloadArchived",
            "Librarian",
            "MakeRecord",
            "ReadChildren",
            "AddChildren",
            "Comment",
            "ReadLifeCycle",
            "RemoveChildren",
            "DataVisualization",
            "ReviewParticipant",
            "DownloadHighRes",
            "Unlock",
            "CanAskForPublishing",
            "RestrictedRead",
            "ReadWrite",
            "DomainUploader",
            "Admin",
            "ReadRemove",
            "ProjectUploader",
            "Browse",
            "SetRetention",
            "ViewOnlyUser",
            "WriteProperties",
            "ReadWriteDownloadLowRes",
            "WriteSecurity",
            "ManageWorkflows",
            "RestrictedUser"
          ]
      (this JSON exported as Administrator)

      The Admin permission group should expand "Everything" as included.

      A workaround is to include all the atomic permissions in the Admin permissions group in the XML contribution.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              msaye Mark Saye
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                PagerDuty

                Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.