cancel
Showing results for 
Search instead for 
Did you mean: 

Owner Permissions disabled after inheritance set to false

venkat
Champ in-the-making
Champ in-the-making
Hi all,

   I created a document in the user home space using a custom content type that is derived by extending cm:content.  I also set the owner aspect to the custom content type during node creation.

   The user could checkout the document normally. However when the user sets the inheritance on the document to false, the checkout fails saying that access is denied. But the perplexing thing is that when the user creates a document of type "cm:content", then the checkout works normally even when the inheritance is set to false. Why is this behaviour different for custom content types?

/* WORKS FOR normal Content Type */ 
      assocRef = nodeService.createNode(
                folderRef,
                ContentModel.ASSOC_CONTAINS,
                QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, QName.createValidLocalName(fileName)),
                ContentModel.TYPE_CONTENT,
                nodeProperties);
        NodeRef currRef = assocRef.getChildRef();
        permissionService.setInheritParentPermissions(currRef , false);
        versionOperationsService.checkout(currRef );
       
       
        /* Fails with access denied for custom content type during checkout */
        assocRef = nodeService.createNode(
                folderRef,
                ContentModel.ASSOC_CONTAINS,
                QName.createQName(CUSTOM_MODEL_URI, QName.createValidLocalName(fileName)),
                ContentModel.TYPE_CUSTOM_CONTENT,
                nodeProperties);
        NodeRef currRef = assocRef.getChildRef();
        permissionService.setInheritParentPermissions(currRef , false);
        versionOperationsService.checkout(currRef );

Thanks,
Venkat
4 REPLIES 4

andy
Champ on-the-rise
Champ on-the-rise
Hi

Use the the OwnableService to set the owner.

Andy

venkat
Champ in-the-making
Champ in-the-making
Hi Andy,

    I used the ownerable service to set the owner, but that did not help. I had to explicit set the permissions on the owner. Do I need to do this or is there a better solution ? Also, in this case, when I change the owner, I need to again explicitly set the permissions.

/* DID NOT WORK */
ownableService.setOwner(nodeRef, username);

/* WORKED */
ownableService.setOwner(nodeRef, username);
        permissionService.setPermission(nodeRef, permissionService.getOwnerAuthority(), permissionService.getAllPermission(), true);

Thanks,
Venkat

andy
Champ on-the-rise
Champ on-the-rise
Hi

Could you post any changes you have made to pemissionDefinitions.xml.
Do you still have the global permission for OWNER? If not you would have to set this per node.

The type based issue is more interesting …. If there are no changes to pemissionDefinitions.xml then it looks like a bug. Let us know and I will dig into this further.

Cheers

Andy

venkat
Champ in-the-making
Champ in-the-making
Hi Andy,

    I did make changes to permissions.xml, but only added to the xml and did not remove anything that is existing already. I created a new content type called cd:document that extends cm:content. As you said, I am explicitly setting the permissions for owner for extension types.
    I am just pasting the extra permissions groups that we added. The global permissions are untouched.

    <!– ================================================ –>
   <!– Permissions available to all content and folders –>
   <!– ================================================ –>

<permissionSet type="cm:cmobject" expose="selected">

<!– MODIFIED Permissions –>
      <permissionGroup name="CdpDelete" expose="true" allowFullControl="false">
          <includePermissionGroup type="sys:base" permissionGroup="Delete"/>
          <includePermissionGroup type="cm:cmobject" permissionGroup="CdpWrite"/>
      </permissionGroup>

      <permissionGroup name="CdpWrite" expose="true" allowFullControl="false">
          <includePermissionGroup type="sys:base" permissionGroup="Write"/>
          <includePermissionGroup type="cm:cmobject" permissionGroup="CdpRead"/>
      </permissionGroup>

      <permissionGroup name="CdpRead"  expose="true" allowFullControl="false">
          <includePermissionGroup type="sys:base" permissionGroup="Read"/>
      </permissionGroup>
     
  </permissionSet>
 

   <!– =============================== –>
   <!– Permissions specific to cd:document : EXTENSION TO cm:content –>
   <!– =============================== –>

   <permissionSet type="cd:document" expose="selected">

      <!– Delete –>
      <permissionGroup name="CdDelete" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="CdpDelete" type="cm:cmobject" />
      </permissionGroup>
     
      <!– Write –>
      <permissionGroup name="CdWrite" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="CdpWrite" type="cm:cmobject" />
      </permissionGroup>

      <!– Read –>
      <permissionGroup name="CdRead" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="CdpRead" type="cm:cmobject" />
      </permissionGroup>

    </permissionSet>