Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Permissions on rules

dgenard
Champ on-the-rise
Champ on-the-rise

‎11-27-2007 09:09 AM

We have a situation where we want to give read/write permissions to some users on a specific document, but not a their parent space.

So, we can invite a user to a document, an give him the collaborator role on this document, even if he has no right on the container space (not even consumer role).
This works fine, and the invited user can update the document as expected.
Except if there is some rule defined on the parent space (triggered by update events). In this case, when the document is being updated, the rule is read by Alfresco, which throw an AccessDeniedException.

Is it possible to customize default permission definitions to make all rules visible by all users ?

Regards, Denis
Labels:
0 Kudos
3 REPLIES 3

darko_narandzic
Champ in-the-making
Champ in-the-making

‎02-14-2008 06:01 AM

We experienced similar problem.

I have found following forum posts that might be related:
http://forums.alfresco.com/viewtopic.php?t=6913
http://forums.alfresco.com/viewtopic.php?t=1420

I reported a bug:
http://issues.alfresco.com/browse/AWC-1857
0 Kudos

andy
Champ on-the-rise
Champ on-the-rise

‎02-26-2008 12:09 PM

Hi

Please post the exception.

Is it the rule visibility or the execution of the rule that is the issue?

What is the version of Alfresco?

Andy
0 Kudos

dgenard
Champ on-the-rise
Champ on-the-rise

‎02-27-2008 04:43 AM

I think the problem is due to the rule visibility.

To reproduce the problem (on Alfresco 2.1.0E) :
- add a document in a space.
- add a rule on update events on that space (any rule).
- then for a given user, remove him the read permission on that space, and give him collaborator role on the document.

So the user has the right to update the document or its metadata.
But if he updates it, this will trigger the rule execution. He has no read permission on that rule however.
So, this will show an AccessDenied error when clicking the OK button of the Edit Content Properties Dialog.
Please correct the errors below then click OK.
A system error happened during the operation: Access Denied. You do not have the appropriate permissions to perform this operation.

The stack trace of this exception is

org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied.  You do not have the appropriate permissions to perform this operation.
   ExceptionTranslatorMethodInterceptor.invoke(MethodInvocation) line: 53   
   ReflectiveMethodInvocation.proceed() line: 176   
   AuditComponentImpl.audit(MethodInvocation) line: 238   
   AuditMethodInterceptor.invoke(MethodInvocation) line: 69   
   ReflectiveMethodInvocation.proceed() line: 176   
   TransactionInterceptor.invoke(MethodInvocation) line: 107   
   ReflectiveMethodInvocation.proceed() line: 176   
   JdkDynamicAopProxy.invoke(Object, Method, Object[]) line: 210   
   $Proxy2.getChildAssocs(NodeRef, QNamePattern, QNamePattern) line: not available   
   RuleServiceImpl.getRule(NodeRef) line: 580   
   RuleServiceImpl.getRules(NodeRef, boolean, String) line: 386   
   RuleServiceImpl.getRules(NodeRef) line: 339   
   RuleServiceImpl.hasRules(NodeRef) line: 331   
   RuleTypeImpl.triggerRuleType(NodeRef, NodeRef, boolean) line: 132   
   OnPropertyUpdateRuleTrigger(RuleTriggerAbstractBase).triggerRules(NodeRef, NodeRef) line: 162   
   OnPropertyUpdateRuleTrigger.onUpdateProperties(NodeRef, Map<QName,Serializable>, Map<QName,Serializable>) line: 147   
   GeneratedMethodAccessor220.invoke(Object, Object[]) line: not available   
   DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25   
   Method.invoke(Object, Object…) line: 597   
   JavaBehaviour$JavaMethodInvocationHandler.invoke(Object, Method, Object[]) line: 179   
   $Proxy7.onUpdateProperties(NodeRef, Map, Map) line: not available   
   GeneratedMethodAccessor121.invoke(Object, Object[]) line: not available   
   DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25   
   Method.invoke(Object, Object…) line: 597   
   PolicyFactory$MultiHandler<P>.invoke(Object, Method, Object[]) line: 251   
   $Proxy81.onUpdateProperties(NodeRef, Map, Map) line: not available   
   DbNodeServiceImpl(AbstractNodeServiceImpl).invokeOnUpdateProperties(NodeRef, Map<QName,Serializable>, Map<QName,Serializable>) line: 341   
   DbNodeServiceImpl.setProperties(NodeRef, Map<QName,Serializable>) line: 996   
   GeneratedMethodAccessor548.invoke(Object, Object[]) line: not available   
   DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25   
   Method.invoke(Object, Object…) line: 597   
   AopUtils.invokeJoinpointUsingReflection(Object, Method, Object[]) line: 281   
   ReflectiveMethodInvocation.invokeJoinpoint() line: 187   
   ReflectiveMethodInvocation.proceed() line: 154   
   TransactionResourceInterceptor.invoke(MethodInvocation) line: 138   
   ReflectiveMethodInvocation.proceed() line: 176   
   JdkDynamicAopProxy.invoke(Object, Method, Object[]) line: 210   
   $Proxy2.setProperties(NodeRef, Map) line: not available   
   GeneratedMethodAccessor548.invoke(Object, Object[]) line: not available   
   DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25   
   Method.invoke(Object, Object…) line: 597   
   StoreRedirectorProxyFactory$RedirectorInvocationHandler.invoke(Object, Method, Object[]) line: 221   
   $Proxy3.setProperties(NodeRef, Map) line: not available   
   MLPropertyInterceptor.invoke(MethodInvocation) line: 220   
   ReflectiveMethodInvocation.proceed() line: 176   
   NodeRefPropertyMethodInterceptor.invoke(MethodInvocation) line: 236   
   ReflectiveMethodInvocation.proceed() line: 176   
   NodeRefPropertyMethodInterceptor.invoke(MethodInvocation) line: 236   
   ReflectiveMethodInvocation.proceed() line: 176   
   JdkDynamicAopProxy.invoke(Object, Method, Object[]) line: 210   
   $Proxy2.setProperties(NodeRef, Map) line: not available   
   GeneratedMethodAccessor548.invoke(Object, Object[]) line: not available   
   DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25   
   Method.invoke(Object, Object…) line: 597   
   AopUtils.invokeJoinpointUsingReflection(Object, Method, Object[]) line: 281   
   ReflectiveMethodInvocation.invokeJoinpoint() line: 187   
   ReflectiveMethodInvocation.proceed() line: 154   
   MethodSecurityInterceptor.invoke(MethodInvocation) line: 80   
   ReflectiveMethodInvocation.proceed() line: 176   
   ExceptionTranslatorMethodInterceptor.invoke(MethodInvocation) line: 49   
   ReflectiveMethodInvocation.proceed() line: 176   
   AuditComponentImpl.auditImpl(MethodInvocation) line: 256   
   AuditComponentImpl.audit(MethodInvocation) line: 191   
   AuditMethodInterceptor.invoke(MethodInvocation) line: 69   
   ReflectiveMethodInvocation.proceed() line: 176   
   TransactionInterceptor.invoke(MethodInvocation) line: 107   
   ReflectiveMethodInvocation.proceed() line: 176   
   JdkDynamicAopProxy.invoke(Object, Method, Object[]) line: 210   
   $Proxy2.setProperties(NodeRef, Map) line: not available   
   EditContentPropertiesDossiersDialog(EditContentPropertiesDialog).finishImpl(FacesContext, String) line: 179   
   BaseDialogBean$1.execute() line: 118   
   BaseDialogBean$1.execute() line: 115   
   RetryingTransactionHelper.doInTransaction(RetryingTransactionCallback<R>, boolean, boolean) line: 228   
   RetryingTransactionHelper.doInTransaction(RetryingTransactionCallback<R>) line: 158   
   EditContentPropertiesDossiersDialog(BaseDialogBean).finish() line: 124   
   DialogManager.finish() line: 347   
   NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method]   
   NativeMethodAccessorImpl.invoke(Object, Object[]) line: 39   
   DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25   
   Method.invoke(Object, Object…) line: 597   
   MethodBindingImpl.invoke(FacesContext, Object[]) line: 132   
   ActionListenerImpl.processAction(ActionEvent) line: 61   
   HtmlCommandButton(UICommand).broadcast(FacesEvent) line: 109   
   UIViewRoot._broadcastForPhase(PhaseId) line: 97   
   UIViewRoot.processApplication(FacesContext) line: 171   
   InvokeApplicationExecutor.execute(FacesContext) line: 32   
   LifecycleImpl.executePhase(FacesContext, PhaseExecutor, PhaseListenerManager) line: 95   
   LifecycleImpl.execute(FacesContext) line: 70   
   FacesServlet.service(ServletRequest, ServletResponse) line: 139   
   ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 252   
   ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 173   
   AuthenticationFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 81   
   ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 202   
   ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 173   
   StandardWrapperValve.invoke(Request, Response) line: 213   
   StandardContextValve.invoke(Request, Response) line: 178   
   StandardHostValve.invoke(Request, Response) line: 126   
   ErrorReportValve.invoke(Request, Response) line: 105   
   StandardEngineValve.invoke(Request, Response) line: 107   
   CoyoteAdapter.service(Request, Response) line: 148   
   Http11Processor.process(InputStream, OutputStream) line: 869   
   Http11Protocol$JmxHttp11ConnectionHandler(Http11BaseProtocol$Http11ConnectionHandler).processConnection(TcpConnection, Object[]) line: 664   
   PoolTcpEndpoint.processSocket(Socket, TcpConnection, Object[]) line: 527   
   LeaderFollowerWorkerThread.runIt(Object[]) line: 80   
   ThreadPool$ControlRunnable.run() line: 684   
   ThreadWithAttributes(Thread).run() line: 619   

Denis
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC