
ACL + automation chain: Document.SetACL doesn't use MVEL (user) as I would

milonette_
Star Collaborator

Hello,

I tested this code on Nuxeo 5.6

http://doc.nuxeo.com/display/Studio/Move+a+Document+with+security+constraints

Document.SetACL :

It's impossible to use the MVEL language on the attribute "user" even if there is an MVEL selector near this attribute.

Indeed, I tested it and saw that every MVEL code is not interpreted by the server.

This is a big problem because set.acl became useless. It's impossible to use it only with "constant values".

Example: @{Context.principal.name} or @{CurrentUser.principal.name} or @{Context["thisuser"]}

Do you have the same problem?

Do you know where to find the Java code of this operation? Thanks

PS - modification: I translated my question into English + completed it with the example

PS, the existing code of set.acl: http://hg.nuxeo.org/nuxeo/nuxeo-features/diff/0cc0116fde8a/nuxeo-automation/nuxeo-automation-core/sr...

3 REPLIES

Florent_Guillau
World-Class Innovator

What exact parameters are you using in your operation? MVEL usage is generic in operations, it should work everywhere.

milonette_
Star Collaborator

Thank you for your answer.

milonette_
Star Collaborator

Hello,

I solved this problem with this explanation:

A) Used @{CurrentUser.name} (thanks to the Nuxeo team's help) for saving the current user login
B) ACLs are visible in the "inheritance right" view in the interface

Context:

  • A user lambda has no right on a workspace.
  • An automation chain has to add TEMPORARY rights to allow adding a file in this workspace
  • and grant the ReadWrite right on this created file.

1. SOLUTION OF RIGHT TO USE "SET ACL"

User lambda has no permission to use the set.acl operation.
==> Need to LoginAs temporarily as Administrator.
==> but save the "login" of the currentUser first.

  1. Save user login : Execution Context || Set Context Variable || name=loginUser ; value=@{CurrentUser.originatingUser!=null && CurrentUser.originatingUser!=''?CurrentUser.originatingUser:CurrentUser.name}
  2. Users & Group || Login As || name=Administrator
  3. Do set.acl operations HERE on @{loginUser}.
  4. Users & Group || Logout
  5. Do operations for current user.

2. SOLUTION OF WHICH ACL TO CHOOSE TO ADD A FILE IN A WORKSPACE WITHOUT ANY RIGHT

Need 2 rights:

  • Document || Set ACL || permission=ReadWrite ; user=@{loginUser} ; acl=new ; grant=true ; overwrite=true
  • Document || Set ACL || permission=AddChildren ; user=@{loginUser} ; acl=new ; grant=true ; overwrite=true

3. SOLUTION OF DELETE TEMPORARY ACL

  • Need to keep an ACL on the created file => set field acl="local" or acl="othervalue" as you need.
  • Remove ACL "new" with the workspace where you had the right, as INPUT for "remove ACL"
    • Document || Remove ACL || acl=new

Hope it helps

Milonette
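
The chain described in the post above, modelled in Python as an added example (not part of the original post and not Nuxeo code). `Doc`, `Session`, `create_file` and `run_chain` are hypothetical names, and the model assumes flat permission strings and grant-only ACLs; it shows the login being saved before Login As and the temporary "new" ACL being removed from the workspace even when the user's step fails.

```python
# Constructed model, not Nuxeo code: flat permissions, grant-only inherited ACLs.
ADMIN = "Administrator"

class Doc:
    def __init__(self, parent=None):
        self.parent, self.acls = parent, {}  # acls: name -> {(user, permission)}

    def allows(self, user, perm):  # local ACLs first, then inherited ones
        local = any((user, perm) in aces for aces in self.acls.values())
        return local or (self.parent is not None and self.parent.allows(user, perm))

class Session:
    def __init__(self, user):
        self.real = self.user = user

    def login_as(self, name):  # Users & Group || Login As
        self.user = name
    def logout(self):  # Users & Group || Logout
        self.user = self.real

    def _acls(self, doc):  # in this model only Administrator may edit ACLs
        if self.user != ADMIN:
            raise PermissionError(f"{self.user} may not edit ACLs")
        return doc.acls

    def set_acl(self, doc, user, perm, acl):  # Document || Set ACL
        self._acls(doc).setdefault(acl, set()).add((user, perm))
    def remove_acl(self, doc, acl):  # Document || Remove ACL
        self._acls(doc).pop(acl, None)

def create_file(session, workspace):  # the "operations for current user" step
    if not workspace.allows(session.user, "AddChildren"):
        raise PermissionError(f"{session.user} cannot add children")
    return Doc(parent=workspace)

def run_chain(session, workspace, work=create_file):
    login_user = session.user  # saved BEFORE Login As, like loginUser in the post
    session.login_as(ADMIN)
    try:
        for perm in ("ReadWrite", "AddChildren"):
            session.set_acl(workspace, login_user, perm, acl="new")
        session.logout()  # back to the real user for the actual work
        created = work(session, workspace)
        session.login_as(ADMIN)
        session.set_acl(created, login_user, "ReadWrite", acl="local")
        return created
    finally:  # the temporary ACL is removed even if a step above fails
        session.login_as(ADMIN)
        session.remove_acl(workspace, "new")
        session.logout()
```

After `run_chain` returns, any ACL still named "new" on the workspace would indicate a chain that stopped before its cleanup step.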
