AnsweredAssumed Answered

Document Permissions - getPermissions()

Question asked by paulf on Apr 7, 2015
Hi everyone,

I have been looking into this curiosity for a while now so thought I would post to see if someone can answer it.

I have a web-script on my Alfresco instance that uses the method getPermission() - a snippet of this is below:

….
if(foundNode){
var permissionFound = foundNode.getPermissions();
var permissionString;

for each (permission in permissionFound){
   if (permissionString)
       permissionString += "|_|" + permission;
   else
       permissionString = permission;

   model.entries= permissionString;
}
….

This script, of course, takes a node (document identifier) and returns the permissions that are set on the document.

I have a document which lives in a site (with a dummy title of 'finance'), inherits it's ACL from the site and also adds onto this a user-defined group as a Contributor.

I pass this document's identifier to the web script and I get back an expected list of ACE's:

ALLOWED;GROUP_site_finance_SiteContributor;SiteContributor
ALLOWED;GROUP_site_finance_SiteConsumer;SiteConsumer
ALLOWED;GROUP_site_finance_SiteCollaborator;SiteCollaborator
ALLOWED;GROUP_site_finance_SiteManager;SiteManager
ALLOWED;GROUP_finance;SiteContributor
ALLOWED;GROUP_EVERYONE;ReadPermissions
ALLOWED;GROUP_EVERYONE;SiteConsumer

All fine so far.

Now, I then go to my Site configuration and make this site a Private site. Doing this removes the 'ALLOWED;GROUP_EVERYONE;SiteConsumer' from the list of returned permissions. That makes sense.

What does not make sense to me is why 'ALLOWED;GROUP_EVERYONE;ReadPermissions' remains.

Why would a document that is in a private site have READ permissions for everyone - especially when there is no specific entry for EVERYONE set?

If I disable the permission inheritance, this permission is removed and I get:

ALLOWED;GROUP_site_finance_SiteManager;SiteManager|_|ALLOWED;GROUP_finance;SiteContributor

But why, when it inherits does it always have READ permissions for everyone?  To confirm, the site has 3 additional, user defined, permissions. These are 3 named users - none of which is 'EVERYONE'.

Thanks for reading.

Outcomes