Re: Strange ACL Test (TCK) failures, Issue to disable Copy Object in CMIS Workbench

[ma...@structr.com]

Hello Florian,

thanks a lot for the helpful answer.
Everything is clear now and I already fixed the TCK failures.

There are still other TCK failures I have to check, but I will try to 
fix them myself first.

Have a nice day!

Marcel

On 2015-12-07 15:23, Florian Müller wrote:
> Hi Marcel,
> 
> Here are a few answers.
> 
> Re 1)
> The TCK calls getAcl() with the parameter onlyBasicPermissions = true.
> That is, the repository must translate the native permissions into
> CMIS basic permissions.
> The spec says in 2.2.10.2.1: "The repository SHOULD make a best effort
> to fully express the native security applied to the object."
> 
> Re 2)
> There is no Allowable Action that can express whether a document can
> be used as the source in a createDocumentFromSource() call or not.
> Therefore, the Workbench provides this button for all documents. In
> the worst case, the repository throws an exception, which should be ok
> for a developer tool like the Workbench.
> 
> Re 3)
> The Workbench calls getObject() with the parameter includeAcls = true,
> if the repository supports ACLs in general.
> If the repository returns an ACL with the object, then it is used. If
> the repository really doesn't want that the user gets the ACL, it
> shouldn't return it.
> Allowable Actions are only hints for the clients. They don't enforce 
> anything.
> 
> 
> - Florian
> 
> 
> 
>> Hello everyone,
>> 
>> my name is Marcel Romagnuolo and I am using the great OpenCMIS Server
>> Framework to build a CMIS server for the CMS "Structr".
>> 
>> I am working a lot with the CMIS Workbench to test my implementations.
>> Over the time I got some problems, which I wanted to solve with your 
>> help.
>> 
>> 1)
>> I am getting some failures in the ACL part of the TCK tests, which I
>> dont understand:
>> "FAILURE: ACE contains a non-basic permission: xxx"
>> 
>> (See: http://www2.pic-upload.de/img/29059098/problem1.png )
>> 
>> In the repository are only non-basic permissions allowed! See here for
>> the repository info:
>> http://www2.pic-upload.de/img/29059109/problem2.png
>> 
>> As you can see the Supported Permissions are set on "REPOSITORY",
>> which should indicate, that there are no basic permissions integrated,
>> right? The OASIS Standard also says, that there are no basic
>> permissions necessary.
>> But why are the TCK tests failing then?
>> 
>> 2)
>> If I select a cmis:document, there is always the option under
>> "Actions" to Copy the object, although all Allowable Actions are
>> disabled. It just never disappears like the other Actions based on the
>> Allowable Actions. How do I disable it?
>> 
>> See: http://www2.pic-upload.de/img/29059129/problem3.png
>> 
>> 3)
>> Also some Allowable Actions don't get applied for some reason. For
>> example the "CAN_GET_ACL" Allowable Action is not really working,
>> because the user can always see the ACL of a object independent of his
>> permissions.
>> 
>> 
>> I really would appreciate your help.
>> 
>> Thank you for reading and best regards, Marcel