-
Type:
Service Pack Request
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 5.0.2
-
Fix Version/s: 5.0.4
-
Component/s: AOS / Sharepoint Protocol
-
Labels:None
-
Environment:Client: Windows 7, IE 11, Fiddler
Server: Ubuntu1204, 2x CPUs and 8 GB RAM; Alfresco v5.0.2
-
Bug Priority:
Category 2
-
ACT Numbers:
00614926
[Description]:
If an user does have any permission on "Folder A", no permissions on "FolderB" and e.g. Editor permissions on "Folder C" containing a MS Office document,
he/she can trigger the Edit Online action - everything seems to work just fine:
- The document opens up in MS Office, he/she can make changes and save it without any error.
- MS Office says it has uploaded content on the server.
- Closing MS Office unlocks the document.
Nothing is really saved on the Alfresco server. The modifier, modified date, minor version and content are unchanged.
>> Edit Online breaks if the user does not have at least Consumer permissions on all folders pointing to the document in question.
[Steps to reproduce]:
1.) Create folders in repository as below and upload test docx file.
Repository -> FolderA -> FolderB -> FolderC -> test.docx
2.) Give a user (abeecher) Consumer permission on FolderA and Editor permission on FolderC.
3.) Try "Edit Online" with test.docx ===> It works fine
4.) Break Permission inheritance on FolderB
5.) As abeecher can't see FolderB and C anymore in repository, access to docx file via URL and try "Edit Online" with test.docx
===> It looks working fine but document is not updated after save and close.
[Expected Behaviour]:
Abeecher should be able to edit online and save it to repository OR Abeecher should receive Warning that she doesn't have permission to edit online.
[Observed Behaviour]:
Abeecher was able to access edit online, save and close but document didn't get updated. There was no warning either.
[Analysis to date]:
1.) Issue reproduced on Alfresco v5.0.2
2.) Test document attached
3.) Fiddler trace showing the HTTP 200 for the PUT call attached
4.) Log snippet for Put call:
[http-apr-8080-exec-3] Entering AuthenticationFilter. [http-apr-8080-exec-3] There is no user in the session. [http-apr-8080-exec-3] Basic authentication details present in the header. [http-apr-8080-exec-3] event:net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@f77aa09: Username: abeecher; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities] [http-apr-8080-exec-3] Create the User environment for: abeecher [http-apr-8080-exec-3] ------------------------------< WebDAV: LOCK >------------------------------ [http-apr-8080-exec-3] In Retrying transaction: LOCK 1457523701811 [http-apr-8080-exec-3] Finished WebDAV: LOCK [http-apr-8080-exec-4] Entering AuthenticationFilter. [http-apr-8080-exec-4] Found a session user: abeecher [http-apr-8080-exec-4] ------------------------------< WebDAV: PUT >------------------------------ [http-apr-8080-exec-4] In Retrying transaction: PUT 1457523701870 [http-apr-8080-exec-4] Created system temporary directory: /opt/alfresco-5.0.2/tomcat/temp [http-apr-8080-exec-4] Creating tmp file: /opt/alfresco-5.0.2/tomcat/temp/Alfresco/aos_request_2458779777013926322.bin [http-apr-8080-exec-4] Finished WebDAV: PUT
5.) Screenshots demonstrating that the changes haven't been saved attached
