"Read" Permission error
From a workflow task there is called a chain. It creates a new document and starts a new workflow on them. For two years it has worked well but very rare. Yesterday I was found that it stopped work and returned an error.
****** WebUI.Refresh ******
Chain ID: wf_MY_startWorkflowFromOtherWorkflow
Chain Aliases: []
Class: RefreshUI
Method: 'run' | Input Type: void | Output Type: void
Input: DocumentModelImpl(yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy, path=/division/workspaces/department/specialfolder/Untitled.1507557422637, title=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy)
Parameters | Name: additional list of seam events to raise, Value: workflowNewProcessStarted
****** end sub chain ******
****** end sub chain ******
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:238)
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:97)
at org.nuxeo.ecm.platform.routing.core.impl.GraphNodeImpl.executeChain(GraphNodeImpl.java:514)
... 112 more
Caused by: org.nuxeo.ecm.automation.TraceException: org.nuxeo.ecm.automation.TraceException: org.nuxeo.ecm.automation.OperationException: Failed to invoke operation WebUI.Refresh with aliases [Seam.Refresh]
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:240)
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:121)
at org.nuxeo.ecm.automation.core.operations.execution.RunOperation.run(RunOperation.java:61)
at sun.reflect.GeneratedMethodAccessor1996.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.nuxeo.ecm.automation.core.impl.InvokableMethod.doInvoke(InvokableMethod.java:164)
at org.nuxeo.ecm.automation.core.impl.CompiledChainImpl.invoke(CompiledChainImpl.java:116)
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:214)
... 114 more
Caused by: org.nuxeo.ecm.automation.TraceException: org.nuxeo.ecm.automation.OperationException: Failed to invoke operation WebUI.Refresh with aliases [Seam.Refresh]
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:240)
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:121)
at org.nuxeo.ecm.automation.core.operations.execution.RunOperation.run(RunOperation.java:61)
at sun.reflect.GeneratedMethodAccessor1996.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.nuxeo.ecm.automation.core.impl.InvokableMethod.doInvoke(InvokableMethod.java:164)
at org.nuxeo.ecm.automation.core.impl.InvokableMethod.invoke(InvokableMethod.java:177)
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:214)
... 132 more
Caused by: org.nuxeo.ecm.automation.OperationException: Failed to invoke operation WebUI.Refresh with aliases [Seam.Refresh]
at org.nuxeo.ecm.automation.core.impl.InvokableMethod.invoke(InvokableMethod.java:189)
at org.nuxeo.ecm.automation.core.impl.CompiledChainImpl.doInvoke(CompiledChainImpl.java:130)
at org.nuxeo.ecm.automation.core.impl.OperationServiceImpl.run(OperationServiceImpl.java:214)
... 160 more
Caused by: org.nuxeo.ecm.core.api.DocumentSecurityException: Privilege 'Read' is not granted to 'userWithReadWrite'
at org.nuxeo.ecm.core.api.AbstractSession.checkPermission(AbstractSession.java:219)
at org.nuxeo.ecm.core.api.AbstractSession.getDocument(AbstractSession.java:927)
at org.nuxeo.ecm.webapp.context.NavigationContextBean.invalidateCurrentDocument(NavigationContextBean.java:229)
at sun.reflect.GeneratedMethodAccessor2018.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114)
at org.nuxeo.ecm.webapp.context.NavigationContextBean_$$_javassist_seam_13.invalidateCurrentDocument(NavigationContextBean_$$_javassist_seam_13.java)
at org.nuxeo.ecm.automation.jsf.operations.RefreshUI.run(RefreshUI.java:65)
at sun.reflect.GeneratedMethodAccessor2294.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.nuxeo.ecm.automation.core.impl.InvokableMethod.doInvoke(InvokableMethod.java:164)
at org.nuxeo.ecm.automation.core.impl.InvokableMethod.invoke(InvokableMethod.java:177)
... 179 more
The user 'userWithReadWrite' has the 'ReadWrite' permission assigned by the task. To eliminate the error it is necessary to add extra the 'Read' permission for the user.
There is used the following code:
<chain id="wf_MY_toAccepted">
<operation id="Context.FetchDocument"/>
<operation id="Document.SetLifeCycle">
<param type="string" name="value">accepted</param>
</operation>
<operation id="Audit.Log">
<param type="string" name="event">PCW.gotoAccepted</param>
<param type="string" name="category">ProcessChange</param>
<param type="string" name="comment">expr:@{nodeLastActor}
comment: @{NodeVariables["comment"] != empty?NodeVariables["comment"].length()>900?NodeVariables["comment"].substring(0,900):NodeVariables["comment"]:""}</param>
</operation>
<operation id="Context.RunOperation">
<param type="string" name="id">wf_MY_startNewWorkflow</param>
<param type="boolean" name="isolate">true</param>
</operation>
</chain>
<chain id="wf_MY_startNewWorkflow">
<operation id="Context.RunOperation">
<param type="string" name="id">wf_MY_initWorkflow</param>
<param type="boolean" name="isolate">false</param>
</operation>
<operation id="Context.RunOperation">
<param type="string" name="id">wf_MY_startWorkflowFromProcessChange</param>
<param type="boolean" name="isolate">false</param>
</operation>
</chain>
<chain id="wf_MY_initWorkflow">
<operation id="Document.Fetch">
<param type="document" name="value">xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</param>
</operation>
<operation id="Document.Create">
<param type="string" name="type">File</param>
</operation>
<operation id="Document.SetProperty">
<param type="string" name="xpath">dc:title</param>
<param type="boolean" name="save">true</param>
<param type="serializable" name="value">Test read permission</param>
</operation>
<operation id="Document.SaveSession"/>
<operation id="Context.SetVar">
<param type="string" name="name">currentDoc</param>
<param type="object" name="value">expr:Document.id</param>
</operation>
</chain>
<chain id="wf_MY_startWorkflowFromOtherWorkflow">
<operation id="Document.Fetch">
<param type="document" name="value">expr:@{currentDoc}</param>
</operation>
<operation id="Auth.LoginAs">
<param type="string" name="name">userWithReadWrite</param>
</operation>
<operation id="Context.StartWorkflow">
<param type="string" name="id">MyNewWorkflow</param>
<param type="boolean" name="start">true</param>
</operation>
<operation id="Seam.Refresh">
<param type="stringlist" name="additional list of seam events to raise">workflowNewProcessStarted</param>
</operation>
</chain>
As I wroted it has worked many times but now it does not. I have not checked yet where the source of problem is.
0 votes
0 answers
3009 views
I cannot dig into your issue for now but if you have switched from Nuxeo version to another, don't hesitate to look here for release updates:
https://doc.nuxeo.com/nxdoc/upgrading-the-nuxeo-platform/#detailed-upgrade-by-version