https://connect.hyland.com/t5/alfresco-archive/allowableaction-question/m-p/306620#M259750 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><SPAN>I am developing server side CMIS implementation. Have problem with AllowableAction specification.</SPAN><BR /><SPAN>My repository provides i.e. this permission mapping:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;ns2:permissions&gt;<BR />&nbsp;&nbsp;&nbsp;&lt;ns2:permission&gt;test_permission&lt;/ns2:permission&gt;<BR />&nbsp;&nbsp;&nbsp;&lt;ns2:description&gt;this is test permission&lt;/ns2:description&gt;<BR />&lt;/ns2:permissions&gt;<BR />&lt;ns2:mapping&gt;<BR />&nbsp;&nbsp;&nbsp;&lt;ns2:key&gt;canCreateDocument.Folder&lt;/ns2:key&gt;&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;&lt;ns2:permission&gt;test_permission&lt;/ns2:permission&gt;<BR />&lt;/ns2:mapping&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>AllowableAction i.e. contains property 'canCreateFolder'. This property is maps to key 'canCreateDocument.Folder'. </SPAN><BR /><BR /><SPAN>Test user have list of permissions and have permission 'test_permission'. </SPAN><BR /><SPAN>For requested object (in this example folder) client receive from server list of AllowableActions. Can I say, property 'canCreateFolder' is true for object and current user, because curent user does have permission 'test_permission'. Is this enough? Or I should check object ACE and compare record by principal, permission for this object? Do I need to check ACE of object for every property of AllowableActions list?</SPAN><BR /><BR /><SPAN>I understand principe of allowableActions like something, what I can do over current object by current user permissions. Something like pre-check and the runtime check is performed directly over the action (in this case it is createFolder).</SPAN><BR /><BR /><SPAN>Thanks for your answers.</SPAN><BR /><BR /><SPAN>Lestat</SPAN><BR /><BR /></BODY></HTML> Thu, 08 Aug 2013 15:47:47 GMT lycantrop 2013-08-08T15:47:47Z https://connect.hyland.com/t5/alfresco-archive/allowableaction-question/m-p/306620#M259750 Hi,I am developing server side CMIS implementation. Have problem with AllowableAction specification.My repository provides i.e. this permission mapping:&lt;ns2<IMG id="smileytongue" class="emoticon emoticon-smileytongue" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />ermissions&gt;&nbsp;&nbsp;&nbsp;&lt;ns2<IMG id="smileytongue" class="emoticon emoticon-smileytongue" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />ermission&gt;test_permission&lt;/ns2<IMG id="smileytongue" class="emoticon emoticon-smileytongue" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />ermission&gt;&nbsp;&nbsp;&nbsp;&lt;ns2:description&gt;this is test permission&lt;/ns2:desc Thu, 08 Aug 2013 15:47:47 GMT https://connect.hyland.com/t5/alfresco-archive/allowableaction-question/m-p/306620#M259750 lycantrop 2013-08-08T15:47:47Z https://connect.hyland.com/t5/alfresco-archive/allowableaction-question/m-p/306621#M259751 <HTML><HEAD></HEAD><BODY><SPAN>I'am not sure whether I understand what you mean. </SPAN><BR /><SPAN>If you have the allowable action (for example CAN_CREATE_FOLDER) ,you already have the permission to do that operation (createFolder). You don't need to check acl any more.</SPAN></BODY></HTML> Sat, 10 Aug 2013 15:34:00 GMT https://connect.hyland.com/t5/alfresco-archive/allowableaction-question/m-p/306621#M259751 kaynezhang 2013-08-10T15:34:00Z