Service Packs and Hot Fixes / MNT-17566

CLONE - AOS: Edit Online breaks if inheritance permissions removed on a folder within the path to the document

      [Description]:
      If a user does have any permission on "Folder A", no permissions on "FolderB" and e.g. Editor permissions on "Folder C" containing a MS Office document,
      he/she can trigger the Edit Online action - everything seems to work just fine:

      • The document opens up in MS Office, he/she can make changes and save it without any error.
      • MS Office says it has uploaded content on the server.
      • Closing MS Office unlocks the document.

      Nothing is really saved on the Alfresco server. The modifier, modified date, minor version and content are unchanged.

      >> Edit Online breaks if the user does not have at least Consumer permissions on all folders pointing to the document in question.

      [Steps to reproduce]:
      1.) Create folders in repository as below and upload test docx file.
      Repository -> FolderA -> FolderB -> FolderC -> test.docx
      2.) Give a user (abeecher) Consumer permission on FolderA and Editor permission on FolderC.
      3.) Try "Edit Online" with test.docx ===> It works fine
      4.) Break Permission inheritance on FolderB
      5.) As abeecher can't see FolderB and C anymore in the repository, access the docx file via URL and try "Edit Online" with test.docx
      ===> It appears to work fine but the document is not updated after save and close.

      [Expected Behaviour]:
      Abeecher should be able to edit online and save it to the repository OR Abeecher should receive a warning that she doesn't have permission to edit online.

      [Observed Behaviour]:
      Abeecher was able to access edit online, save and close but the document didn't get updated. There was no warning either.

      [Analysis to date]:
      1.) Issue reproduced on Alfresco v5.1.2
      2.) Test document attached
      3.) Fiddler trace showing the HTTP 200 for the PUT call attached
      4.) Log snippet for Put call:

      [http-apr-8080-exec-3] Entering AuthenticationFilter.
      [http-apr-8080-exec-3] There is no user in the session.
      [http-apr-8080-exec-3] Basic authentication details present in the header.
      [http-apr-8080-exec-3] event:net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@f77aa09: Username: abeecher; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]
      [http-apr-8080-exec-3] Create the User environment for: abeecher
      [http-apr-8080-exec-3] ------------------------------< WebDAV: LOCK >------------------------------
      [http-apr-8080-exec-3] In Retrying transaction: LOCK 1457523701811
      [http-apr-8080-exec-3] Finished WebDAV: LOCK
      [http-apr-8080-exec-4] Entering AuthenticationFilter.
      [http-apr-8080-exec-4] Found a session user: abeecher
      [http-apr-8080-exec-4] ------------------------------< WebDAV: PUT >------------------------------
      [http-apr-8080-exec-4] In Retrying transaction: PUT 1457523701870
      [http-apr-8080-exec-4] Created system temporary directory: /opt/alfresco-5.0.2/tomcat/temp
      [http-apr-8080-exec-4] Creating tmp file: /opt/alfresco-5.0.2/tomcat/temp/Alfresco/aos_request_2458779777013926322.bin
      [http-apr-8080-exec-4] Finished WebDAV: PUT
      

      5.) Screenshots demonstrating that the changes haven't been saved attached

              People

              • Assignee: Closed Bugs (closedbugs)
              • Reporter: Lei Wang (lwang) [X] (Inactive)
              • Votes: 0
              • Watchers: 14

              Time Tracking

              • Estimated: Not Specified
              • Remaining: 0m
              • Logged: 1d 2h
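The failure reported in this issue is a WebDAV PUT that answers HTTP 200 while nothing is stored. A read-back check that catches it, as an added example (not Alfresco code and not part of the original report); `basic_auth` and `put_and_verify` are names chosen here, and the host, path and password in the `__main__` block are placeholders:

```python
import base64
import hashlib
import http.client


def basic_auth(user, password):
    """Build an HTTP Basic Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def put_and_verify(conn, path, body, auth):
    """PUT body to path, then GET it back and compare SHA-256 digests.

    conn is an http.client.HTTPConnection-like object. A non-200 read-back
    counts as "not persisted" because the write cannot be confirmed.
    """
    headers = {"Authorization": auth}
    conn.request("PUT", path, body=body, headers=headers)
    resp = conn.getresponse()
    put_status = resp.status
    resp.read()  # drain the response so the connection can be reused

    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    get_status = resp.status
    stored = resp.read()

    same = hashlib.sha256(stored).digest() == hashlib.sha256(body).digest()
    persisted = get_status == 200 and same
    return {
        "put_status": put_status,
        "get_status": get_status,
        "persisted": persisted,
        # A 2xx PUT whose content is not on the server is the silent failure.
        "silent_failure": 200 <= put_status < 300 and not persisted,
    }


if __name__ == "__main__":
    # Placeholder host, path and password: point these at a test instance.
    c = http.client.HTTPConnection("localhost", 8080, timeout=10)
    print(put_and_verify(c, "/PLACEHOLDER/FolderA/FolderB/FolderC/probe.txt",
                         b"probe", basic_auth("abeecher", "PLACEHOLDER")))
```

Run it against a scratch file rather than a real document, since a successful PUT overwrites the target.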