[MNT-15814] AOS: Edit Online breaks if inheritance permissions removed on a folder within the path to the document Created: 09-Mar-16  Updated: 16-Oct-17  Resolved: 23-Aug-16

Status: Closed
Project: Service Packs and Hot Fixes
Component/s: AOS / Sharepoint Protocol
Affects Version/s: 5.0.2
Fix Version/s: 5.0.4

Type: Service Pack Request
Reporter: Nebil Kisa Assignee: Closed Bugs (Inactive)
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: 0 minutes
Time Spent: 1 day, 3 hours, 35 minutes
Original Estimate: Not Specified

Client: Windows 7, IE 11, Fiddler
Server: Ubuntu1204, 2x CPUs and 8 GB RAM; Alfresco v5.0.2

Attachments: JPEG File 01_Changes_Made.jpg     PNG File 02_Fiddler_Trace.png     PNG File 03_Preview_on_Share.png     File EditOnlineBrokenIfInheritanceRemoved.saz     PNG File MNT-15814 - Private site - no notification when updated or previewed by other user.PNG     PNG File MNT-15814 - no notification when updated by other user.PNG     Microsoft Word demo.docx    
Issue Links:
is cloned by MNT-17566 CLONE - AOS: Edit Online breaks if in... Closed
is duplicated by MNT-16743 Edit online doesn’t save the changes ... Closed
Bug Priority:
Category 2
ACT Numbers:


Build Location: https://releases.alfresco.com/Enterprise-5.0/5.0.4/build-00030/ALL/


If an user does have any permission on "Folder A", no permissions on "FolderB" and e.g. Editor permissions on "Folder C" containing a MS Office document,
he/she can trigger the Edit Online action - everything seems to work just fine:

  • The document opens up in MS Office, he/she can make changes and save it without any error.
  • MS Office says it has uploaded content on the server.
  • Closing MS Office unlocks the document.
    Nothing is really saved on the Alfresco server. The modifier, modified date, minor version and content are unchanged.

>> Edit Online breaks if the user does not have at least Consumer permissions on all folders pointing to the document in question.

[Steps to reproduce]:
1.) Create folders in repository as below and upload test docx file.
Repository -> FolderA -> FolderB -> FolderC -> test.docx
2.) Give a user (abeecher) Consumer permission on FolderA and Editor permission on FolderC.
3.) Try "Edit Online" with test.docx ===> It works fine
4.) Break Permission inheritance on FolderB
5.) As abeecher can't see FolderB and C anymore in repository, access to docx file via URL and try "Edit Online" with test.docx
===> It looks working fine but document is not updated after save and close.

[Expected Behaviour]:
Abeecher should be able to edit online and save it to repository OR Abeecher should receive Warning that she doesn't have permission to edit online.

[Observed Behaviour]:
Abeecher was able to access edit online, save and close but document didn't get updated. There was no warning either.

[Analysis to date]:
1.) Issue reproduced on Alfresco v5.0.2
2.) Test document attached
3.) Fiddler trace showing the HTTP 200 for the PUT call attached
4.) Log snippet for Put call:

[http-apr-8080-exec-3] Entering AuthenticationFilter.
[http-apr-8080-exec-3] There is no user in the session.
[http-apr-8080-exec-3] Basic authentication details present in the header.
[http-apr-8080-exec-3] event:net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@f77aa09: Username: abeecher; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]
[http-apr-8080-exec-3] Create the User environment for: abeecher
[http-apr-8080-exec-3] ------------------------------< WebDAV: LOCK >------------------------------
[http-apr-8080-exec-3] In Retrying transaction: LOCK 1457523701811
[http-apr-8080-exec-3] Finished WebDAV: LOCK
[http-apr-8080-exec-4] Entering AuthenticationFilter.
[http-apr-8080-exec-4] Found a session user: abeecher
[http-apr-8080-exec-4] ------------------------------< WebDAV: PUT >------------------------------
[http-apr-8080-exec-4] In Retrying transaction: PUT 1457523701870
[http-apr-8080-exec-4] Created system temporary directory: /opt/alfresco-5.0.2/tomcat/temp
[http-apr-8080-exec-4] Creating tmp file: /opt/alfresco-5.0.2/tomcat/temp/Alfresco/aos_request_2458779777013926322.bin
[http-apr-8080-exec-4] Finished WebDAV: PUT

5.) Screenshots demonstrating that the changes haven't been saved attached

Generated at Mon Mar 08 16:31:48 GMT 2021 using Jira 7.13.15#713015-sha1:7c5ddd2c3e1709974ae9c48c17df8edd3919fe2c.