I recently updated our Nuxeo platform directly from version 5.8 to 7.10. Today I noticed some problems with ACLs.
For some users (not all), they can file a document in the workspace, and when they want to publish it, they can see the list of sections, but they can not select one. In the section, I deleted the “Write” permission and I restored it but it did not solve the problem. Look at the screenshot : my user should be able to publish in all of this sections list, but you can see that the “bublish here” button is not available.
The only solution I found was to give them “Manage all” but it does not suit me because they are not managers of these sections.
For information after the update of nuxeo, I seen in server.log that I had to delete “aclr” and “aclr_permission” tables, I did it, tables have been built again at the restart, but there is no differences.
What ACLs are defined on sections, especially "ask for publishing" ?
It's exist 4 rights :
- Manage all
- Ask for publish
I've uploaded you 4 screenshots from my root section to my target section. In my root section "Rubriques" I've given "read" permission to employee group (SID-1.jpeg). In sub section "Gouvernance" All permissions are herited (SID-2.jpeg). Exactly the same in sub-sub section "Instances" (SID-3.jpeg).
And finally, in "CFVU et CEVU", I'have given "Write" permission to "Laurence B…" (Laurence B is in employee group) (SID-4.jpeg)
So, she should be able to publish in this section and sub section without having to ask.
I precise that if I restart nuxeo 5.8 (using the same database), Laurence B is able to publish without problem.
In recent versions of Nuxeo, a user must have the “can ask for publishing” permission on a section to be able to request publication to it.
Can they publish without asking?
what is the utility of "write" permission in Sections if they must to ask to publish ?
So, how can I change rights for all users from "write" to "ask to publish" ? (If I do it one by one, it could be very long)