https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315719#M2720 <P><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Thank you for your fast answer but my new permission "ReadWriteAndUnlock" include write permission (ReadWrite)</P> <PRE><CODE>&lt;permission name="ReadWriteAndUnlock"&gt; &lt;include&gt;ReadWrite&lt;/include&gt; &lt;include&gt;Unlock&lt;/include&gt; &lt;/permission&gt; </CODE></PRE> <P>How can i implement this scenario ? I dont want my managers have administrator's privilege only for unlock a document.</P> <P>Thank you</P> Thu, 19 Sep 2019 10:13:33 GMT pnux_ 2019-09-19T10:13:33Z https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315717#M2718 <P>Hello,</P> <P>I use Nuxeo 10.10 with postgresql 11. I try to add an "unlock" permission to a group named "gestionnaire". User in this group can read write and **unlock ** documents</P> <P><EM>What i have done</EM> :</P> <P>I deployed a contribution following <A href="https://doc.nuxeo.com/nxdoc/1010/how-to-grant-the-edit-permission-without-the-remove-permission/" target="test_blank">https://doc.nuxeo.com/nxdoc/1010/how-to-grant-the-edit-permission-without-the-remove-permission/</A></P> <PRE><CODE>&lt;component name="fr.my.project.permissions"&gt; &lt;require&gt;org.nuxeo.runtime.started&lt;/require&gt; &lt;extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions"&gt; &lt;permission name="ReadWriteAndUnlock"&gt; &lt;include&gt;ReadWrite&lt;/include&gt; &lt;include&gt;Unlock&lt;/include&gt; &lt;/permission&gt; &lt;/extension&gt; &lt;!-- <A href="https://github.com/nuxeo/nuxeo/blob/master/nuxeo-core/nuxeo-core/src/main/resources/OSGI-INF/permissions-contrib.xml" target="test_blank">https://github.com/nuxeo/nuxeo/blob/master/nuxeo-core/nuxeo-core/src/main/resources/OSGI-INF/permissions-contrib.xml</A> --&gt; &lt;extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissionsVisibility"&gt; &lt;visibility&gt; &lt;item order="10" show="true"&gt;Read&lt;/item&gt; &lt;item order="50" denyPermission="Write" show="true"&gt;ReadWrite&lt;/item&gt; &lt;item order="55" denyPermission="Unlock" show="true"&gt;ReadWriteAndUnlock&lt;/item&gt; &lt;item order="100" show="true"&gt;Everything&lt;/item&gt; &lt;/extension&gt; &lt;/component&gt; </CODE></PRE> <P>On repository, i added permissions on the workspace</P> <P><span class="lia-inline-image-display-wrapper" image-alt="type an image title"><img src="https://connect.hyland.com/t5/image/serverpage/image-id/1942i9D33EBCEDBBE693A/image-size/large?v=v2&amp;px=999" role="button" title="type an image title" alt="type an image title" /></span></P> <P>_What i expect _ :</P> <P>A user in default "members" group can lock a document he created. (So he can unlock it too) A user in "manager" group can unlock a document locked by a user of "member"s group (because i had unlock permission)</P> <P><EM>The problem</EM> :</P> <P>A user in "manager" group** can't** unlock a document locked by a user of "member"s group. <STRONG>No unlock</STRONG> button is diplayed in webui.</P> <P>What did I miss?</P> <P>Thank you.</P> Thu, 19 Sep 2019 09:29:01 GMT https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315717#M2718 pnux_ 2019-09-19T09:29:01Z https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315718#M2719 <P>This is probably due to the fact that the element displaying the lock and unlock action is filtering with the "Write" permission: <A href="https://github.com/nuxeo/nuxeo-ui-elements/blob/08fd256fb4e7775375c176892098baec21fe302d/actions/nuxeo-lock-toggle-button.html#L133" target="test_blank">https://github.com/nuxeo/nuxeo-ui-elements/blob/08fd256fb4e7775375c176892098baec21fe302d/actions/nuxeo-lock-toggle-button.html#L133</A></P> Thu, 19 Sep 2019 09:46:48 GMT https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315718#M2719 Gregory_Carlin 2019-09-19T09:46:48Z https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315719#M2720 <P><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Thank you for your fast answer but my new permission "ReadWriteAndUnlock" include write permission (ReadWrite)</P> <PRE><CODE>&lt;permission name="ReadWriteAndUnlock"&gt; &lt;include&gt;ReadWrite&lt;/include&gt; &lt;include&gt;Unlock&lt;/include&gt; &lt;/permission&gt; </CODE></PRE> <P>How can i implement this scenario ? I dont want my managers have administrator's privilege only for unlock a document.</P> <P>Thank you</P> Thu, 19 Sep 2019 10:13:33 GMT https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315719#M2720 pnux_ 2019-09-19T10:13:33Z https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315720#M2721 <P>I suggest you to make a JSON export of the document to be sure about the permissions which are set on, and check with the Browser console what's happening exactly (with breaking points and co)</P> Thu, 19 Sep 2019 12:17:24 GMT https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315720#M2721 Gregory_Carlin 2019-09-19T12:17:24Z https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315721#M2722 <P>I have checked JSON export of the document when it is **locked **by another user</P> <P>Here they are :</P> <P><CODE>"permissions": [ "ReadProperties", "ReadSecurity", "ReadVersion", "Read", "ReadChildren", "ReadLifeCycle", "ReviewParticipant", "Unlock", "ReadWrite", "Browse", "ReadWriteAndUnlock" ]</CODE></P> <P>when the document is <STRONG>unlocked</STRONG> i have the following permission</P> <P><CODE>"permissions": [ "Write", "WriteVersion", "ReadProperties", "ReadSecurity", "Remove", "ReadVersion", "Read", "WriteLifeCycle", "ReadChildren", "AddChildren", "ReadLifeCycle", "RemoveChildren", "ReviewParticipant", "Unlock", "ReadWrite", "Browse", "ReadWriteAndUnlock", "WriteProperties", "ManageWorkflows" ] </CODE></P> <P>I think the problem is similar of this old one (for JSF UI : <A href="https://jira.nuxeo.com/browse/NXP-15232" target="test_blank">https://jira.nuxeo.com/browse/NXP-15232</A></P> <P>What do you think ?</P> Thu, 19 Sep 2019 15:04:11 GMT https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315721#M2722 pnux_ 2019-09-19T15:04:11Z https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315722#M2723 <P>Okay, I made a little patch and it works. My user in "gestionnaire" group can unlock the doc</P> <PRE><CODE>_isAvailable(doc) { return doc &amp;&amp; !doc.isVersion &amp;&amp; (this.hasPermission(doc, 'Unlock') || this.hasPermission(doc, 'Write') ) &amp;&amp; !this.isImmutable(doc) } </CODE></PRE> <P>But I think it's not the correct way to do what i want.</P> Thu, 19 Sep 2019 16:24:53 GMT https://connect.hyland.com/t5/nuxeo-forum/adding-unlock-permission-to-a-specific-group-doesn-apos-t-work/m-p/315722#M2723 pnux_ 2019-09-19T16:24:53Z