[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Created: (CMIS-710) Section 2.1.8.3.2, somepermission mappings should be changed
Section 2.1.8.3.2, some permission mappings should be changed ------------------------------------------------------------- Key: CMIS-710 URL: http://tools.oasis-open.org/issues/browse/CMIS-710 Project: OASIS Content Management Interoperability Services (CMIS) TC Issue Type: Bug Components: Domain Model Affects Versions: V1.0 Reporter: Scott Malabarba Priority: Minor In Section 2.1.8.3.2, several entries in the permission mapping table for operations that add or remove a child object to or from some parent object -- for instance, create document in folder -- state that "Read" permission is required on the parent object. I believe that "Write" should apply in these cases. The keys are canCreateDocument.Folder, canCreateFolder.Folder, canCreateRelationship.Source, canCreateRelationship.Target, canMoveObject.Target, canMoveObject.Source, canAddToFolder.Object, canAddToFolder.Folder, canRemoveObjectFromFolder.Object, canRemoveObjectFromFolder.Folder, canAddPolicy.Object and canRemovePolicy.Object. In the same section, several entries in the permission mapping table for operations that delete objects state that "Write" or "Read" permission is needed on the target object. I believe it should be "All". The keys are canDelete.Object, canDelete.Folder, canDeleteTree.Folder and canCancelCheckout.Document. canCancelCheckout.Document might be a more complicated case, since two repository objects can be involved: the document and the private working copy. If the specification for PWCs is intended to imply that a PWC has the same permissions as the latest checked-in version, then "All" is sufficient (however, the spec could be modified to state that explicitly). On the other hand, if the spec allows for a PWC and its parent document to have different permissions, then we might want modify the permission mapping table to reflect the fact that the PWC must be deleted, requiring "All", while the document is only modified, requiring "Write". Something like this: canCancelCheckOut Description: Can cancel the check out the Document object (cancelCheckOut) Base Object: cmis:document Operand: Object Key: canCancelCheckout.Document Permission: Write canCancelCheckOut Description: Can cancel the check out the Document object (cancelCheckOut) Base Object: cmis:document Operand: Object Key: canCancelCheckout.PrivateWorkingCopy Permission: All canDeleteObject Description: Can delete an object, such as a private working copy, that is a child of this document (deleteObject) Base Object: cmis:document Operand: document Key: canDelete.Document Permission: Write canDeleteObject Description: Can delete an object that is a child of this folder (deleteObject) Base Object: cmis:folder Operand: Folder Key: canDelete.Folder Permission: Write canDeleteObject Description: Can delete this object (deleteObject) Base Object: cmis:document, cmis:folder, cmis:relationship, cmis:policy Operand: Object Key: canDelete.Object Permission: All -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]