Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-31836

Fix deletion of sub-documents where permissions are blocked

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2021.0
    • Fix Version/s: 2023.0, 2021.38
    • Component/s: Core
    • Release Notes Summary:
      Documents with sub-documents where permissions are blocked cannot be deleted
    • Release Notes Description:
      Hide

      For a scalable document remove check, new indexes are required for MongoDB backend:

      db.default.createIndex(
   { "ecm:acp.acl.grant": 1 }
);
db.default.createIndex(
   { "ecm:hasLegalHold": 1 }
);

      Otherwise, the nuxeo server will attempt to create these indexes if not present at start-up. In the case of an existing instance with large amounts of documents, this process may time out and/or affect performance.

      Show
      For a scalable document remove check, new indexes are required for MongoDB backend: db. default .createIndex( { "ecm:acp.acl.grant" : 1 } ); db. default .createIndex( { "ecm:hasLegalHold" : 1 } ); Otherwise, the nuxeo server will attempt to create these indexes if not present at start-up. In the case of an existing instance with large amounts of documents, this process may time out and/or affect performance.
    • Tags:
    • Backlog priority:
      900
    • Sprint:
      nxplatform #87, nxplatform #88
    • Story Points:
      8

      Description

      Steps to reproduce:

      1. create a folder A
      2. set ReadWrite permission to user Duncan
      3. in folder A, create 2 documents AA and AB
      4. block rights inheritance on document AB => Ducan cannot access document AB
      5. as the user Duncan, delete folder A, with a curl command like below
      curl -X DELETE 'https://xxx.nuxeo.com/nuxeo/api/v1/id/837faafd-7505-432c-92ea-53ada7f1c078?' -H 'Nuxeo-Transaction-Timeout: 3000' -H 'X-NXproperties: *' -H 'X-NXRepository: default' -H 'content-type: application/json' -u Administrator:Administrator

      Observe that folder A and documents AA and AB are definitively deleted whereas document AB should not be deleted

      Expected behavior: at least 3 ways of dealing with that:

      1) folder A and document AA are deleted because Duncan has ReadWrite permission them ; document AB is not deleted but becomes a placeless document

      2) only document AA is deleted ; document AB is not deleted because Duncan cannot delete it and folder A is kept to be able to browse to document AB ==> this last solution seems to be the most common one as for example on a Linux system, the folders are not deleted if a children cannot be deleted (but Nuxeo is different and documents can be placeless, so I will not force to this solution)

      3) nothing is performed as there is a document which cannot be deleted and a warning is displayed to the user or returned in the response

       

      The current behavior is related to the fact that the deletion is delegated to the backend and some kind of DELETE ON CASCADE is operated without checking the permissions.

      There could be a pre-check before performing the delete to find all the documents which cannot be deleted, and then delete the correct documents from the leaf to the root thanks to the BAF.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: