Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-15814

AOS: Edit Online breaks if inheritance permissions removed on a folder within the path to the document

    Details

    • Type: Service Pack Request
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Affects Version/s: 5.0.2
    • Fix Version/s: 5.0.4
    • Labels:
      None
    • Environment:
      Client: Windows 7, IE 11, Fiddler
      Server: Ubuntu1204, 2x CPUs and 8 GB RAM; Alfresco v5.0.2

      Description

      [Description]:
      If an user does have any permission on "Folder A", no permissions on "FolderB" and e.g. Editor permissions on "Folder C" containing a MS Office document,
      he/she can trigger the Edit Online action - everything seems to work just fine:

      • The document opens up in MS Office, he/she can make changes and save it without any error.
      • MS Office says it has uploaded content on the server.
      • Closing MS Office unlocks the document.
        Nothing is really saved on the Alfresco server. The modifier, modified date, minor version and content are unchanged.

      >> Edit Online breaks if the user does not have at least Consumer permissions on all folders pointing to the document in question.

      [Steps to reproduce]:
      1.) Create folders in repository as below and upload test docx file.
      Repository -> FolderA -> FolderB -> FolderC -> test.docx
      2.) Give a user (abeecher) Consumer permission on FolderA and Editor permission on FolderC.
      3.) Try "Edit Online" with test.docx ===> It works fine
      4.) Break Permission inheritance on FolderB
      5.) As abeecher can't see FolderB and C anymore in repository, access to docx file via URL and try "Edit Online" with test.docx
      ===> It looks working fine but document is not updated after save and close.

      [Expected Behaviour]:
      Abeecher should be able to edit online and save it to repository OR Abeecher should receive Warning that she doesn't have permission to edit online.

      [Observed Behaviour]:
      Abeecher was able to access edit online, save and close but document didn't get updated. There was no warning either.

      [Analysis to date]:
      1.) Issue reproduced on Alfresco v5.0.2
      2.) Test document attached
      3.) Fiddler trace showing the HTTP 200 for the PUT call attached
      4.) Log snippet for Put call:

      [http-apr-8080-exec-3] Entering AuthenticationFilter.
      [http-apr-8080-exec-3] There is no user in the session.
      [http-apr-8080-exec-3] Basic authentication details present in the header.
      [http-apr-8080-exec-3] event:net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@f77aa09: Username: abeecher; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]
      [http-apr-8080-exec-3] Create the User environment for: abeecher
      [http-apr-8080-exec-3] ------------------------------< WebDAV: LOCK >------------------------------
      [http-apr-8080-exec-3] In Retrying transaction: LOCK 1457523701811
      [http-apr-8080-exec-3] Finished WebDAV: LOCK
      [http-apr-8080-exec-4] Entering AuthenticationFilter.
      [http-apr-8080-exec-4] Found a session user: abeecher
      [http-apr-8080-exec-4] ------------------------------< WebDAV: PUT >------------------------------
      [http-apr-8080-exec-4] In Retrying transaction: PUT 1457523701870
      [http-apr-8080-exec-4] Created system temporary directory: /opt/alfresco-5.0.2/tomcat/temp
      [http-apr-8080-exec-4] Creating tmp file: /opt/alfresco-5.0.2/tomcat/temp/Alfresco/aos_request_2458779777013926322.bin
      [http-apr-8080-exec-4] Finished WebDAV: PUT
      

      5.) Screenshots demonstrating that the changes haven't been saved attached

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  closedbugs Closed Bugs
                  Reporter:
                  nkisa Nebil Kisa
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  11 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 1 day, 3 hours, 35 minutes
                    1d 3h 35m

                      Structure Helper Panel