AllowableAction question

Question asked by lycantrop on Aug 8, 2013
Latest reply on Aug 10, 2013 by kaynezhang
I am developing a server-side CMIS implementation. I have a problem with the AllowableAction specification.
My repository provides, e.g., this permission mapping:

   <ns2:description>this is test permission</ns2:description>

AllowableAction contains, e.g., the property 'canCreateFolder'. This property maps to the key 'canCreateDocument.Folder'.

The test user has a list of permissions and has the permission 'test_permission'.
For the requested object (in this example a folder) the client receives from the server a list of AllowableActions. Can I say the property 'canCreateFolder' is true for the object and the current user because the current user has the permission 'test_permission'? Is this enough? Or should I check the object's ACEs and compare records by principal and permission for this object? Do I need to check the object's ACEs for every property in the AllowableActions list?

I understand the principle of allowableActions as something that I can do on the current object with the current user's permissions. Something like a pre-check, and the runtime check is performed directly on the action (in this case createFolder).

Thanks for your answers.
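
A sketch of the per-object evaluation the question asks about, as an added example that is not part of the original post or of any CMIS library: the action is allowed only if an ACE on the requested object grants one of the mapped permissions to one of the caller's principals, and `createFolder` repeats the check at run time. The principal names, ACLs and function names are hypothetical; the action-to-key pairing and `test_permission` are taken from the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    principal: str
    permissions: frozenset

# Action -> permission-mapping key (pairing as given in the post).
ACTION_KEYS = {"canCreateFolder": "canCreateDocument.Folder"}
# Mapping key -> permissions; holding any one of them allows the action.
PERMISSION_MAPPING = {"canCreateDocument.Folder": frozenset({"test_permission"})}

def effective_permissions(acl, principals):
    """Permissions granted on THIS object to any of the caller's principals."""
    granted = set()
    for ace in acl:
        if ace.principal in principals:
            granted |= ace.permissions
    return granted

def allowable_actions(acl, principals):
    """Evaluate every action against the object's ACL, not a global user list."""
    granted = effective_permissions(acl, principals)
    return {action: bool(PERMISSION_MAPPING.get(key, frozenset()) & granted)
            for action, key in ACTION_KEYS.items()}

def create_folder(acl, principals, name):
    """Runtime enforcement: re-check on the server, since the AllowableActions
    a client received earlier may be stale or ignored."""
    if not allowable_actions(acl, principals)["canCreateFolder"]:
        raise PermissionError("createFolder denied on this object")
    return name

# Constructed sample data: the user (and one group) as principals, two folders.
TEST_USER = {"testuser", "GROUP_staff"}
FOLDER_A_ACL = [Ace("testuser", frozenset({"test_permission"}))]
FOLDER_B_ACL = [Ace("otheruser", frozenset({"test_permission"})),
                Ace("GROUP_staff", frozenset({"cmis:read"}))]

if __name__ == "__main__":
    print("folder A:", allowable_actions(FOLDER_A_ACL, TEST_USER))
    print("folder B:", allowable_actions(FOLDER_B_ACL, TEST_USER))
```

In this sample the test user gets `canCreateFolder` on folder A but not on folder B, where `test_permission` is granted only to a different principal.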