Without seeing the code it is hard to say, but it sounds like you might not be passing in the credentials in the header. When connecting to CMIS, you can either use basic authentication or you can use an Alfresco ticket. Tickets get passed in through an "alf_ticket" argument, so you clearly aren't doing that.
The auth header needs to be set on every request.
You could test your call using curl. For example, you should be able to do:
curl -uSomeUser
omePassword "http://.../alfresco/service/cmis/arg/n?noderef=workspace%3A%2F%2FSpacesStore%2F68c3c179-7027-466a-ad..."
And have that come back successfully. If you get the same response you are currently seeing, then you might be able to assume that the user and password you are using doesn't have the permissions to hit the node you are trying to hit.
If it works, but your Ruby code fails, you might be able to assume that the Ruby code is screwing up the auth somewhere.
Jeff
The auth header needs to be set on every request.
You could test your call using curl. For example, you should be able to do:
curl -uSomeUser
omePassword "http://.../alfresco/service/cmis/arg/n?noderef=workspace%3A%2F%2FSpacesStore%2F68c3c179-7027-466a-ad..."And have that come back successfully. If you get the same response you are currently seeing, then you might be able to assume that the user and password you are using doesn't have the permissions to hit the node you are trying to hit.
If it works, but your Ruby code fails, you might be able to assume that the Ruby code is screwing up the auth somewhere.
Jeff
You're right! The problem was indeed the user didn't have permissions to read that node (silly me! 
ops: )
Thank you very much Jeff!
ops: )Thank you very much Jeff!
Hi!
my problem now is that the api I'm using needs to get repository info before performing any other operation. Then, through repository object, it gets several templates for getting objects by id, by path, … (I understand the reason is the urls may vary depending on the CMS I'm connecting) But when I try this steps with a user without access to root folder, I get a forbidden exception. Is it possible for a non-admin user to retrieve repository info?
EDITED:
also, trying to connect to the home space of a given user, if the user does not have permissions to company home, I get a forbidden exception. The url looks like…
curl -uUser
assword "http://localhost/alfresco/service/cmis/arg/n?noderef=workspace%3A%2F%2FSpacesStore%2Fd96b2971-c718-4..."
this url returns me the node, only when the user has permissions to read company home. This doesn't make much sense to me, so I'm pretty sure I'm missing something obvious here. Please, any advice would be really appreciated.
Best regards.
my problem now is that the api I'm using needs to get repository info before performing any other operation. Then, through repository object, it gets several templates for getting objects by id, by path, … (I understand the reason is the urls may vary depending on the CMS I'm connecting) But when I try this steps with a user without access to root folder, I get a forbidden exception. Is it possible for a non-admin user to retrieve repository info?
EDITED:
also, trying to connect to the home space of a given user, if the user does not have permissions to company home, I get a forbidden exception. The url looks like…
curl -uUser
assword "http://localhost/alfresco/service/cmis/arg/n?noderef=workspace%3A%2F%2FSpacesStore%2Fd96b2971-c718-4..."this url returns me the node, only when the user has permissions to read company home. This doesn't make much sense to me, so I'm pretty sure I'm missing something obvious here. Please, any advice would be really appreciated.
Best regards.
I don't think you need access to Company Home to get the repository information. To confirm that, I went into my Alfresco 4.0.d Community repository and removed the EVERYONE group from Company Home. I then used cmislib to connect as a test user (non-admin) and successfully retrieved the repository information:
However, as you mentioned, when attempting to retrieve the properties of tuser1's home directory, I got a permission denied. That's because the user's home directory sits in "User Homes" and tuser1 has no access to User Homes–User Homes inherits its perms from Company Home. When I made the EVERYONE group a consumer on User Homes, the tuser1 user was able to get to his home directory.
What's going on is that the properties of an object include some properties related to the parent. If the user has no access to the parent, the calls fail. You can work around this by providing a filter that lists only the properties you need and excludes any parent-related properties.
For example, if tuser1 has no access to the User Homes folder, the following call will fail with a PermissionDeniedException:
But this call, which excludes properties like cmisarentObjectId and cmisath will successfully retrieve the object:
Jeff
>>> from cmislib.model import CmisClient>>> client = CmisClient('http://localhost:8080/alfresco/cmisatom', 'tuser1', 'password')>>> repo = client.defaultRepository>>> repo.getRepositoryInfo(){u'aclCapability': None, u'cmisVersionSupported': u'1.0', u'principalAnonymous': u'guest', u'principalAnyone': u'GROUP_EVERYONE', u'repositoryDescription': u'Main Repository', u'changesOnType': u'cmis:folder', u'changesIncomplete': u'true', u'productVersion': u'4.0.0 (4003)', u'rootFolderId': u'workspace://SpacesStore/98f66c7a-b300-48b9-b35f-8695b8ca22b8', u'repositoryId': u'558e5b3c-71a0-42ac-b420-eda16e93e95b', u'repositoryName': u'Main Repository', u'vendorName': u'Alfresco', u'productName': u'Alfresco Repository (contentUrl=|mimetype=|size=0|encoding=|locale=en_US_|id=120)'}However, as you mentioned, when attempting to retrieve the properties of tuser1's home directory, I got a permission denied. That's because the user's home directory sits in "User Homes" and tuser1 has no access to User Homes–User Homes inherits its perms from Company Home. When I made the EVERYONE group a consumer on User Homes, the tuser1 user was able to get to his home directory.
What's going on is that the properties of an object include some properties related to the parent. If the user has no access to the parent, the calls fail. You can work around this by providing a filter that lists only the properties you need and excludes any parent-related properties.
For example, if tuser1 has no access to the User Homes folder, the following call will fail with a PermissionDeniedException:
home = repo.getObjectByPath('/User Homes/tuser1')But this call, which excludes properties like cmis
arentObjectId and cmisath will successfully retrieve the object:home = repo.getObjectByPath('/User Homes/tuser1', filter="cmis:creationDate,cm:owner,cmis:changeToken,cm:description,cmis:objectId,cmis:objectTypeId,cmis:lastModifiedBy,cmis:name,cmis:createdBy,cmis:baseTypeId")Jeff
Thanks Jeff, it's good to know 
I'll give it a try to 4.0.d
Again, thank you very much for all your help, it's really appreciated!
I'll give it a try to 4.0.d
Again, thank you very much for all your help, it's really appreciated!
