chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller <>
Subject Re: Strange ACL Test (TCK) failures, Issue to disable Copy Object in CMIS Workbench
Date Mon, 07 Dec 2015 14:23:26 GMT
Hi Marcel,

Here are a few answers.

Re 1)
The TCK calls getAcl() with the parameter onlyBasicPermissions = true.
That is, the repository must translate the native permissions into CMIS 
basic permissions.
The spec says in "The repository SHOULD make a best effort 
to fully express the native security applied to the object."

Re 2)
There is no Allowable Action that can express whether a document can be 
used as the source in a createDocumentFromSource() call or not.
Therefore, the Workbench provides this button for all documents. In the 
worst case, the repository throws an exception, which should be ok for a 
developer tool like the Workbench.

Re 3)
The Workbench calls getObject() with the parameter includeAcls = true, 
if the repository supports ACLs in general.
If the repository returns an ACL with the object, then it is used. If 
the repository really doesn't want that the user gets the ACL, it 
shouldn't return it.
Allowable Actions are only hints for the clients. They don't enforce 

- Florian

> Hello everyone,
> my name is Marcel Romagnuolo and I am using the great OpenCMIS Server
> Framework to build a CMIS server for the CMS "Structr".
> I am working a lot with the CMIS Workbench to test my implementations.
> Over the time I got some problems, which I wanted to solve with your 
> help.
> 1)
> I am getting some failures in the ACL part of the TCK tests, which I
> dont understand:
> "FAILURE: ACE contains a non-basic permission: xxx"
> (See: )
> In the repository are only non-basic permissions allowed! See here for
> the repository info:
> As you can see the Supported Permissions are set on "REPOSITORY",
> which should indicate, that there are no basic permissions integrated,
> right? The OASIS Standard also says, that there are no basic
> permissions necessary.
> But why are the TCK tests failing then?
> 2)
> If I select a cmis:document, there is always the option under
> "Actions" to Copy the object, although all Allowable Actions are
> disabled. It just never disappears like the other Actions based on the
> Allowable Actions. How do I disable it?
> See:
> 3)
> Also some Allowable Actions don't get applied for some reason. For
> example the "CAN_GET_ACL" Allowable Action is not really working,
> because the user can always see the ACL of a object independent of his
> permissions.
> I really would appreciate your help.
> Thank you for reading and best regards, Marcel

View raw message