Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-13006

Working Copy of a checked out document is editable by anyone


    • Type: Improvement
    • Status: Need Info (View Workflow)
    • Resolution: Unresolved
    • Affects Version/s: 4.2.3
    • Fix Version/s: None
    • Component/s: Repository
    • Labels:
    • Environment:
      v4.2.3.13, RHEL, Oracle, Webdav
    • Bug Priority:
      Category 3
    • ACT Numbers:



      Request is for change to functionality in v4.2.3 and newer.

      When a document is checked out by a user, the 'Working Copy' can be edited by anyone with permissions to document via webdav, which would appear to defeat the purpose.

      Consider the following situation:

      A space is in Alfresco, which has collaborator permission for everyone. User Alice creates a document, then checks it out for editing, creating the working copy in the same space.

      User bob looks in the space, and sees that the original document is locked, and that they don't have permission to edit it. However, they do have permission to edit the working copy, so can edit that inline, making changes to that which conflict with changes Alice is making.

      Isn't this the sort of thing that checking out a document is meant to prevent? The only way this seems to work as expected, is if the working copy is checked out to another space (possibly the user's home space). I assume that the Working Copy is just inheriting the permissions of the space, when it should really be settings its own permissions so that only the owner can edit it.

      The document was not under version control (I haven't tested to see if making it versionable changes things), and all tests were performed in the Web UI.


          Issue Links



              • Assignee:
                repositoryteam Repository Team
                samuel.penn Samuel Penn (Inactive)
              • Votes:
                7 Vote for this issue
                7 Start watching this issue


                • Created: