From dev-return-4481-apmail-chemistry-dev-archive=chemistry.apache.org@chemistry.apache.org Wed Nov 9 18:53:15 2011 Return-Path: X-Original-To: apmail-chemistry-dev-archive@www.apache.org Delivered-To: apmail-chemistry-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 816997196 for ; Wed, 9 Nov 2011 18:53:15 +0000 (UTC) Received: (qmail 24838 invoked by uid 500); 9 Nov 2011 18:53:15 -0000 Delivered-To: apmail-chemistry-dev-archive@chemistry.apache.org Received: (qmail 24803 invoked by uid 500); 9 Nov 2011 18:53:15 -0000 Mailing-List: contact dev-help@chemistry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@chemistry.apache.org Delivered-To: mailing list dev@chemistry.apache.org Received: (qmail 24789 invoked by uid 99); 9 Nov 2011 18:53:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Nov 2011 18:53:15 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of florian.mueller@alfresco.com designates 207.126.144.111 as permitted sender) Received: from [207.126.144.111] (HELO eu1sys200aog101.obsmtp.com) (207.126.144.111) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 09 Nov 2011 18:53:08 +0000 Received: from zimbra.alfresco.com ([88.151.129.3]) by eu1sys200aob101.postini.com ([207.126.147.11]) with SMTP ID DSNKTrrL/Q1KiBeIwFe95KkndGGVynuFonmq@postini.com; Wed, 09 Nov 2011 18:52:47 UTC Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbra.alfresco.com (Postfix) with ESMTP id 673D8B4001E; Wed, 9 Nov 2011 18:52:45 +0000 (GMT) X-Virus-Scanned: amavisd-new at unx-d-manc4.tc.ifeltd.com Received: from zimbra.alfresco.com ([127.0.0.1]) by localhost (zimbra.alfresco.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MBJfnCGTtFJ0; Wed, 9 Nov 2011 18:52:44 +0000 (GMT) Received: from Florian-Mullers-MacBook-Pro-2.local (unknown [208.181.48.10]) (Authenticated sender: florian.mueller) by zimbra.alfresco.com (Postfix) with ESMTP id 050F2B4001D; Wed, 9 Nov 2011 18:52:43 +0000 (GMT) Message-ID: <4EBACBF9.50008@alfresco.com> Date: Wed, 09 Nov 2011 10:52:41 -0800 From: =?ISO-8859-1?Q?Florian_M=FCller?= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0) Gecko/20111105 Thunderbird/8.0 MIME-Version: 1.0 To: dev@chemistry.apache.org CC: Stefano Lauricella Subject: Re: Workbench and ACLs References: <2666EB2A846BAC4BB2D7F593301A7868074C9AB2@MUCXGC2.opentext.net> <4EBA9ABC.8020303@alfresco.com> <2666EB2A846BAC4BB2D7F593301A7868074C9B0E@MUCXGC2.opentext.net> In-Reply-To: <2666EB2A846BAC4BB2D7F593301A7868074C9B0E@MUCXGC2.opentext.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Hi Stefano, The problem is that a Permission Denied exception does not indicate (in a standardized way) which part of the object the user is not allowed to see. We could, of course, fetch the ACLs separately to circumvent the problem. Even better would be if someone would implement an ACL editor. ;-) Florian On 09/11/2011 09:18, Stefano Lauricella wrote: > Hi Florian, > > this worked of course, thank you! > However at this point no ACLs are shown at all even where it could be. > > An error handling similar to the one I mentioned before wouldn't be bad though. > > Thanks, > Stefano > > -----Original Message----- > From: Florian Müller [mailto:florian.mueller@alfresco.com] > Sent: Mittwoch, 9. November 2011 16:23 > To: dev@chemistry.apache.org > Cc: Stefano Lauricella > Subject: Re: Workbench and ACLs > > Hi Stefano, > > Go the Expert tab in the Login dialog and add this line: > > cmis.workbench.object.includeAcls=false > > > -Florian > > > On 09/11/2011 06:08, Stefano Lauricella wrote: >> Hi team, >> >> I have a question about the Workbench. >> >> I'm experiencing a problem whenever I perform a login using a user, >> who has no rights to see and modify permissions. It looks like the >> Workbench performs an extra getObject call with the includeAcls=true >> argument to retrieve the object permissions and fill the ACL pane on >> the right. At this point our CMIS implementation throws a >> PERMISSION_DENIED error according to the chapter 2.2.1.2.5 of the >> specification (see "... MUST return the ACLs ..." in the image below) >> since the user is not allowed to see permissions on the required object. >> >> Unfortunately the Workbench shows the error received with an error >> dialog and gives up working further. All buttons are grayed out and >> the GUI becomes unuseful. >> >> See error for WS ... >> >> Description: cid:image003.png@01CC9ECA.4F14B000 >> >> ... and for Atompub. >> >> I would expect the Workbench to catch such a PERMISSION_DENIED error, >> leave the correspondent ACLs pane empty but keep on working with >> further objects. >> >> Is that a known issue? Is there any fix for that (I'm using the 0.5.0 >> version)? >> >> Or am I missing something? >> >> Thanks for any hint you might have. >> >> - Stefano >> >> ---------------------------------------------------------------------- >> -- >> >> /"Not everything that counts can be counted, and not everything that >> can be counted counts." - //Albert Einstein/// >> >> /"Non tutto quel che può essere contato, conta, e non tutto quel che >> conta, può essere contato."/// >> >> /"Nicht alles, was man zählen kann, zählt auch. Und nicht alles, was >> zählt, kann man auch zählen." / >> >> //// >> >> *Stefano Lauricella* >> >> Development Enterprise Library Infrastructure >> >> Description: cid:image002.gif@01CB6143.E5EC8FE0 >> >> >> ** >> >> *Open Text Software**GmbH* >> >> >> >> >> >> Description: >> http://www.opentext.com/2/emailsupport-event-image-opentext.gif >> >> >> Technopark II >> >> Werner-von-Siemens-Ring 20 >> >> 85630 Grasbrunn >> >> Germany >> >> Phone: +49 (0) 89 4629 1860 >> >> Fax: +49 (0) 89 4629 33 1860 >> >> >> >> Email: >> >> >> >> stefano.lauricella@opentext.com >> >> >> Web site: >> >> >> >> http://www.opentext.com/ >> >> >> >> >> *Place of Incorporation / Sitz der Gesellschaft: *Open Text Software >> GmbH, Werner-von-Siemens-Ring 20, 85630 Grasbrunn, Germany | Phone: >> +49 >> (0) 89 4629 0 | Fax: +49 (0) 89 4629 1199 | *Register Court / >> Registergericht: *München, Germany | *Trade Register Number / HRB: >> *179298 | *VAT ID Number /USt-ID: *118 656 356*| Managing Director / >> Geschäftsführer: *Walter Köhler >> >> This email is protected by domestic and international copyright laws >> and treaties and is the property of Open Text Corporation, it may >> contain confidential and/or trade secret information of the Open Text >> Corporation and/or its subsidiaries (OTC), and may be subject to legal >> privilege in favor of OTC. This email may only be lawfully received, >> accessed, displayed on a computer screen, printed, copied, and/or used >> by the specific addressee(s) named above ("Authorized Recipient") for >> the purpose for which it was sent by OTC. All other rights and >> licenses to this email are fully reserved to OTC. If you are not an >> Authorized Recipient, you are required to immediately delete this >> email in its entirety without printing, copying, using, and/or >> re-transmitting this email, either in whole or in part. The >> transmission of this email by OTC is not to be construed as a waiver >> by OTC and/or the individual sending this email on behalf of OTC of >> any of their respective rights or privileges at law or otherwise, howsoever arising. >> >