Adding Unlock permission to a specific group doesn't work


I use Nuxeo 10.10 with PostgreSQL 11. I am trying to add an “unlock” permission to a group named “gestionnaire”. Users in this group can read, write and *unlock* documents.

What I have done:

I deployed a contribution following

<component name="">
    <extension target="" point="permissions">
        <permission name="ReadWriteAndUnlock">

    <!-- -->
    <extension  target="" point="permissionsVisibility">
            <item order="10" show="true">Read</item>
            <item order="50" denyPermission="Write" show="true">ReadWrite</item>
            <item order="55" denyPermission="Unlock" show="true">ReadWriteAndUnlock</item>
            <item order="100" show="true">Everything</item>

On the repository, I added permissions on the workspace.

What I expect:

A user in the default “members” group can lock a document he created. (So he can unlock it too.) A user in the “manager” group can unlock a document locked by a user of the “members” group (because I had unlock permission).

The problem:

A user in the “manager” group can't unlock a document locked by a user of the “members” group. No unlock button is displayed in webui.

What did I miss?

Thank you.

4 answers



Okay, I made a little patch and it works. My user in the “gestionnaire” group can unlock the doc.

_isAvailable(doc) {
  // Show the lock/unlock action when the user holds Unlock or Write
  return doc && !doc.isVersion && (this.hasPermission(doc, 'Unlock') || this.hasPermission(doc, 'Write')) && !this.isImmutable(doc);
}

But I think it's not the correct way to do what I want.

I have checked the permissions in the JSON export of the document when it is locked by another user.

Here they are:

"permissions": [ "ReadProperties", "ReadSecurity", "ReadVersion", "Read", "ReadChildren", "ReadLifeCycle", "ReviewParticipant", "Unlock", "ReadWrite", "Browse", "ReadWriteAndUnlock" ]

When the document is unlocked, I have the following permissions:

"permissions": [ "Write", "WriteVersion", "ReadProperties", "ReadSecurity", "Remove", "ReadVersion", "Read", "WriteLifeCycle", "ReadChildren", "AddChildren", "ReadLifeCycle", "RemoveChildren", "ReviewParticipant", "Unlock", "ReadWrite", "Browse", "ReadWriteAndUnlock", "WriteProperties", "ManageWorkflows" ]

I think the problem is similar to this old one (for JSF UI):

What do you think?
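The two permission lists above, run through the button filter, as an added example that is not part of the original thread or of Nuxeo's code. The function names, `makeDoc`, the `lockOwner` field, the `immutable` flag and the user name are assumptions for illustration; the Write-only filter is the behaviour the last answer in this thread suspects, and the last function goes beyond the posted patch by honouring Unlock only on a locked document.

```javascript
// Constructed input: the two "permissions" arrays quoted in the answer above.
const LOCKED_BY_OTHER = ["ReadProperties", "ReadSecurity", "ReadVersion", "Read", "ReadChildren",
  "ReadLifeCycle", "ReviewParticipant", "Unlock", "ReadWrite", "Browse", "ReadWriteAndUnlock"];
const UNLOCKED = ["Write", "WriteVersion", "ReadProperties", "ReadSecurity", "Remove", "ReadVersion",
  "Read", "WriteLifeCycle", "ReadChildren", "AddChildren", "ReadLifeCycle", "RemoveChildren",
  "ReviewParticipant", "Unlock", "ReadWrite", "Browse", "ReadWriteAndUnlock", "WriteProperties",
  "ManageWorkflows"];

// Hypothetical helper: minimal stand-in for a document JSON export.
// lockOwner is an assumed field name for the lock holder (null when unlocked).
function makeDoc(permissions, lockOwner = null) {
  return { isVersion: false, immutable: false, lockOwner, contextParameters: { permissions } };
}

function hasPermission(doc, name) {
  const perms = (doc && doc.contextParameters && doc.contextParameters.permissions) || [];
  return perms.includes(name);
}

// Permissions that disappear from the export once someone else holds the lock.
function droppedWhenLocked(unlockedPerms, lockedPerms) {
  return unlockedPerms.filter((p) => !lockedPerms.includes(p));
}

// Assumed stock behaviour, per the last answer: the action is filtered on Write only.
function writeOnlyFilter(doc) {
  return Boolean(doc) && !doc.isVersion && !doc.immutable && hasPermission(doc, "Write");
}

// The patch posted above: Unlock OR Write, regardless of lock state.
function unlockOrWriteFilter(doc) {
  return Boolean(doc) && !doc.isVersion && !doc.immutable &&
    (hasPermission(doc, "Unlock") || hasPermission(doc, "Write"));
}

// Hypothetical narrower variant: Unlock is only honoured on a locked document;
// taking a lock on an unlocked one still needs Write.
function stateAwareFilter(doc) {
  if (!doc || doc.isVersion || doc.immutable) return false;
  if (!doc.lockOwner) return hasPermission(doc, "Write");
  return hasPermission(doc, "Unlock") || hasPermission(doc, "Write");
}

const locked = makeDoc(LOCKED_BY_OTHER, "member1"); // constructed user name
console.log("dropped while locked:", droppedWhenLocked(UNLOCKED, LOCKED_BY_OTHER));
for (const f of [writeOnlyFilter, unlockOrWriteFilter, stateAwareFilter]) {
  console.log(f.name, "-> locked:", f(locked), "unlocked:", f(makeDoc(UNLOCKED)));
}
```

Write is among the permissions missing from the locked export while Unlock is still present, so a Write-only filter hides the button from exactly the user who is meant to unlock.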

:-) Thank you for your fast answer, but my new permission “ReadWriteAndUnlock” includes write permission (ReadWrite)

<permission name="ReadWriteAndUnlock">

How can I implement this scenario? I don't want my managers to have administrator's privileges only to unlock a document.

Thank you

I suggest you make a JSON export of the document to be sure about the permissions which are set on it, and check with the browser console what's happening exactly (with breakpoints and co).

This is probably due to the fact that the element displaying the lock and unlock action is filtering with the “Write” permission:

