ACL + automation chain : Document.SetACL doesn't use MVEL (user) as i would

Hello,

I tested this code on Nuxeo 5.6

http://doc.nuxeo.com/display/Studio/Move+a+Document+with+security+constraints

Document.SetACL :

It's impossible to use MVEL language on attribute “user” even if there is a MVEL selector near this attribute.

Endeed, i tested it and saw that every MVEL code is not interpretade by the server.

This is a big probleme because set.acl became unusefull. It's impossible to use it only with “constantes values”.

Example: @{Context.principal.name} or @{CurrentUser.principal.name} or @{Context[“thisuser”]}

Do you have the same problem ?

Do you know where to find the java code of this operation? thanks

ps - modification: I translated my question in English + completed with the example

ps, le code existant de set.acl: http://hg.nuxeo.org/nuxeo/nuxeo-features/diff/0cc0116fde8a/nuxeo-automation/nuxeo-automation-core/src/main/java/org/nuxeo/ecm/automation/core/operations/document/SetDocumentACE.java

0 votes

1 answers

2415 views

ANSWER

What exact parameters are you using in your operation? MVEL usage is generic in operations, it should work everywhere.
01/18/2013

thank you for your answer.

exemples : @{Context.principal.name} or @{CurrentUser.principal.name} or @{Context["thisuser"]}

01/18/2013



Hello,

I solved this problem with this explanation:
A) used @{CurrentUser.name} (thanks nuxeo team help) for saving current user login
B) acl are visibled on “inheritance right” view in the interface

Context:

  • A user lamba has no right on a workspace.
  • An automation chain has to add TEMPORARY rights to allowed adding a file in this workspace
  • and grant the ReadWrite right on this created file.

1) SOLUTION OF RIGHT TO USE “SET ACL”

User lambda has no permission to use set.acl operation.
==> Need to LoginAs temporary as Administrator.
==> but save the “login” of the currentUser, first.

  1. Save user login : Execution Context || Set Context Variable || name=loginUser ; value=@{CurrentUser.originatingUser!=null && CurrentUser.originatingUser!=''?CurrentUser.originatingUser:CurrentUser.name}
  2. Users & Group || Login As || name=Administrator
  3. Do set.acl operations HERE on @{loginUser}.
  4. Users & Group || Logout
  5. Do operations for current user.

2) SOLUTION OF WHICH ACL CHOOSE TO ADD A FILE IN A WORKSPACE WITHOUT ANY RIGHT

Need 2 rights:

  • Document || Set ACL || permission=ReadWrite ; user=@{loginUser} ; acl=new ; grant=true ; overwrite=true
  • Document || Set ACL || permission=AddChildren ; user=@{loginUser} ; acl=new ; grant=true ; overwrite=true

3) SOLUTION OF DELETE TEMPORARY ACL

  • Need to keep an ACL on the created file => set field acl=“local” or acl=“othervalue” has you need.
  • remove ACL “new” with the workspace where you had right, as INPUT for “remove ACL”
    • Document || Remove ACL || acl=new

Hope it helps

Milonette

0 votes