
Permission Problem

Question asked by bk13 on Jul 10, 2009
Latest reply on Jul 13, 2009 by bk13
Hello,

I have a question concerning the permission system.

I have a user who has the read permission (Consumer) on a content node A. With this permission he can link node A to one of his folders (non-primary child association).

This is done by using the web-service-client and the following code:


CMLAddChild addChild = new CMLAddChild(parentReference, null, null, null, predicateChild, null);
CML cml = new CML();
cml.setAddChild(new CMLAddChild[] { addChild });
WebServiceFactory.getRepositoryService().update(cml);

The problem is that the user cannot remove node A from his folder (remove the non-primary child association) with the following code:


CMLRemoveChild cmlRemoveChild = new CMLRemoveChild(referenceFrom, null, predicateWhere, null);
CML cml = new CML();
cml.setRemoveChild(new CMLRemoveChild[] { cmlRemoveChild });
WebServiceFactory.getRepositoryService().update(cml);

This code leads to an exception:
org.alfresco.repo.security.permissions.AccessDeniedException: 06090003 Access Denied.  You do not have the appropriate permissions to perform this operation.

The user has all permissions (including the removeChildren permission) on the folder where he linked node A.
When the deletePermission on node A is assigned to the user, then removing the non-primary child association is possible. But with this permission he is also allowed to remove node A itself and not only the child association.

My questions are:
- Why do I need more permissions to revert an addChild operation than to add it?
- Why is it possible to create a childAssociation to a node by only having the read permission (something like an update happens; the update date changes)?
- How can I change the permission system so that adding and removing child associations require the same permission?
- Why do I need the delete permission on a node to remove the child association to it?

Best regards

bert
