Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30578

Fix READ ACLS computation on versions after a permission change

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF55, 2021.12
    • Component/s: Core VCS
    • Release Notes Summary:
      Read ACL for all versions of children are recomputed after a permission change.
    • Tags:
    • Backlog priority:
      775
    • Upgrade notes:
      Hide

      During an ACL update of a folder, Read ACL are materialized on children documents for search optimization, this is done on different backends (Mongo, PostgreSQL).
      The current fix is also recomputing Read ACL for all versions of children, this means more queries and database updates, which certainly impacts the performance during massive ACL updates.

      Show
      During an ACL update of a folder, Read ACL are materialized on children documents for search optimization, this is done on different backends (Mongo, PostgreSQL). The current fix is also recomputing Read ACL for all versions of children, this means more queries and database updates, which certainly impacts the performance during massive ACL updates.
    • Sprint:
      nxplatform #45, nxplatform #46, nxplatform #47, nxplatform #48, nxplatform #49
    • Story Points:
      0

      Description

      Pre-requisite :

      Steps to reproduce:

      1. create a Workspace under /default-domain/workspaces and grant Write permission to userA
      2. as UserA, create a Versionable Folder and inside a regular Folder
      3. call this command to snapshot the Versionable Folder 
        curl -X POST 'http://localhost:8080/nuxeo/site/automation/Document.CreateTreeSnapshot' -H 'Nuxeo-Transaction-Timeout: 3' -H 'X-NXproperties: *' -H 'X-NXRepository: default' -H 'X-NXVoidOperation: false' -H 'content-type: application/json' -d '{"params":{},"input":"/default-domain/workspaces/workspace/snapfolder","context":{}}' -u userA:<PASSWORD>
      4. grant Read permission to userB on the Versionable Folder
      5. as userB, run a NXQL query (disable Elasticsearch if needed) to find the versions 
        select * from Document where ecm:isVersion=1
      6. observe that the query does not return any result

      If the READ ACLs are built with "select nx_rebuild_read_acls()", then the results are displayed as expected

        Attachments

          Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NXP-28758 Allow ACLs on versions

          • Major - Major loss of function.
          • Resolved
          Is referenced in

          [Captain Hook] PR for 10.10: #4973 PR for 10.10: #4973

          [Captain Hook] PR for 2021: #259 PR for 2021: #259

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: