Error when the user attempts to upload a document into a folder it has permission, but doesn'n in the folder's parents #110
Comments
|
@douglascrp IMHO the required behavior is to fail to load the config if it is part of a folder the current user does not have any permission over. So, I would suggest to switch from JS implementation to Java implementation, run the code to resolve parents as system (probably use lower level services to avoid unecessary auditing), and discard (ignore) any setting on a node the fully authenticated user does not have permissions over and continue resolving parents |
|
@yregaieg That is exactly what I thought, but I could not find the time to work on this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When an user is given the permission to write into a single folder inside of folder structure, but without permission into the higher levels in the structure, the allowed-content-types webscript fails in the line below
https://github.com/softwareloop/uploader-plus/blob/master/repo/src/main/amp/config/alfresco/templates/webscripts/com/softwareloop/uploader-plus/allowed-content-types.get.js#L40
The problem is that the code is trying to access the hasAspect function in a node where the user has no permission.
The text was updated successfully, but these errors were encountered: