
AllowableAction question

Question asked by lycantrop on Aug 8, 2013
Latest reply on Aug 10, 2013 by kaynezhang
Hi,
I am developing a server-side CMIS implementation. I have a problem with the AllowableAction specification.
My repository provides, i.e., this permission mapping:


<ns2:permissions>
   <ns2:permission>test_permission</ns2:permission>
   <ns2:description>this is test permission</ns2:description>
</ns2:permissions>
<ns2:mapping>
   <ns2:key>canCreateDocument.Folder</ns2:key>   
   <ns2:permission>test_permission</ns2:permission>
</ns2:mapping>


AllowableAction, i.e., contains the property 'canCreateFolder'. This property maps to the key 'canCreateDocument.Folder'.

The test user has a list of permissions and has the permission 'test_permission'.
For the requested object (in this example a folder) the client receives from the server a list of AllowableActions. Can I say the property 'canCreateFolder' is true for the object and the current user, because the current user does have the permission 'test_permission'? Is this enough? Or should I check the object's ACEs and compare the records by principal and permission for this object? Do I need to check the ACEs of the object for every property of the AllowableActions list?

I understand the principle of allowableActions as something I can do on the current object with the current user's permissions. Something like a pre-check, and the runtime check is performed directly on the action (in this case it is createFolder).

Thanks for your answers.

Lestat
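
The per-object check the question asks about, as an added example that is not part of the original post or of any CMIS server's code: it evaluates the posted mapping against each object's ACEs for the caller's principals, so the same user gets different results on two folders. The function names, sample principals and ACLs are constructed, and treating any one listed permission as sufficient is an assumption.

```python
import xml.etree.ElementTree as ET

CMIS_NS = "http://docs.oasis-open.org/ns/cmis/core/200908/"

# Mapping fragment from the post, wrapped in a constructed root element so the
# ns2 prefix resolves to the CMIS core namespace.
MAPPING_XML = f"""<root xmlns:ns2="{CMIS_NS}">
<ns2:mapping>
   <ns2:key>canCreateDocument.Folder</ns2:key>
   <ns2:permission>test_permission</ns2:permission>
</ns2:mapping>
</root>"""


def parse_mapping(xml_text):
    """Return {mapping key: set of permission names}."""
    ns = {"c": CMIS_NS}
    mapping = {}
    for m in ET.fromstring(xml_text).findall("c:mapping", ns):
        key = m.findtext("c:key", namespaces=ns).strip()
        mapping[key] = {p.text.strip() for p in m.findall("c:permission", ns)}
    return mapping


def granted_on_object(acl, principals):
    """Permissions that one object's ACEs grant to any of the caller's principals."""
    granted = set()
    for principal, permissions in acl:
        if principal in principals:
            granted |= set(permissions)
    return granted


def evaluate_mapping(mapping, acl, principals):
    """Per mapping key: does this object's ACL give the caller a mapped permission?

    Assumption: holding any one of a key's listed permissions is sufficient.
    """
    granted = granted_on_object(acl, principals)
    return {key: bool(perms & granted) for key, perms in mapping.items()}


# Constructed sample data: one user in one group, two folders with different ACLs.
PRINCIPALS = {"alice", "editors"}
ACL_FOLDER_A = [("editors", ["test_permission"]), ("bob", ["cmis:read"])]
ACL_FOLDER_B = [("alice", ["cmis:read"]), ("bob", ["test_permission"])]
```

The result is keyed by mapping key; which AllowableActions property each key feeds is left to the caller.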
