- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: V1.0
- Fix Version/s: None
- Component/s: Domain Model
- Labels: None

Proposal:
In Section 2.1.8.3.2, several entries in the permission mapping table for operations that add or remove a child object to or from some parent object – for instance, create document in folder – state that "Read" permission is required on the parent object. I believe that "Write" should apply in these cases.
The keys are canCreateDocument.Folder, canCreateFolder.Folder, canCreateRelationship.Source, canCreateRelationship.Target, canMoveObject.Target, canMoveObject.Source, canAddToFolder.Object, canAddToFolder.Folder, canRemoveObjectFromFolder.Object, canRemoveObjectFromFolder.Folder, canAddPolicy.Object and canRemovePolicy.Object.

In the same section, several entries in the permission mapping table for operations that delete objects state that "Write" or "Read" permission is needed on the target object. I believe it should be "All".
The keys are canDelete.Object, canDelete.Folder, canDeleteTree.Folder and canCancelCheckout.Document.

canCancelCheckout.Document might be a more complicated case, since two repository objects can be involved: the document and the private working copy.
If the specification for PWCs is intended to imply that a PWC has the same permissions as the latest checked-in version, then "All" is sufficient (however, the spec could be modified to state that explicitly).
On the other hand, if the spec allows for a PWC and its parent document to have different permissions, then we might want to modify the permission mapping table to reflect the fact that the PWC must be deleted, requiring "All", while the document is only modified, requiring "Write". Something like this:

canCancelCheckOut
Description: Can cancel the check out the Document object (cancelCheckOut)
Base Object: cmis:document
Operand: Object
Key: canCancelCheckout.Document
Permission: Write

canCancelCheckOut
Description: Can cancel the check out the Document object (cancelCheckOut)
Base Object: cmis:document
Operand: Object
Key: canCancelCheckout.PrivateWorkingCopy
Permission: All

canDeleteObject
Description: Can delete an object, such as a private working copy, that is a child of this document (deleteObject)
Base Object: cmis:document
Operand: document
Key: canDelete.Document
Permission: Write

canDeleteObject
Description: Can delete an object that is a child of this folder (deleteObject)
Base Object: cmis:folder
Operand: Folder
Key: canDelete.Folder
Permission: Write

canDeleteObject
Description: Can delete this object (deleteObject)
Base Object: cmis:document, cmis:folder, cmis:relationship, cmis:policy
Operand: Object
Key: canDelete.Object
Permission: All
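
The following is an added example, not part of the original issue or of the CMIS specification: a sketch of how a repository could evaluate the proposed entries when a call touches more than one operand, so that a PWC and its document with different ACLs are each checked against their own key. It assumes that "All" includes "Write" and "Write" includes "Read"; the operand role names, the ACL representation and the sample principals are hypothetical.

```python
# Added illustration; not taken from the CMIS specification or any repository.
# Assumption: the basic permissions nest, so All includes Write includes Read.
RANK = {"Read": 1, "Write": 2, "All": 3}

# Proposed key -> permission mapping, copied from the entries in the issue.
PROPOSED = {
    "canCancelCheckout.Document": "Write",
    "canCancelCheckout.PrivateWorkingCopy": "All",
    "canDelete.Document": "Write",
    "canDelete.Folder": "Write",
    "canDelete.Object": "All",
}

# Keys each call must satisfy, and the operand each key is checked against.
# The operand role names ("document", "pwc", ...) are hypothetical.
OPERATIONS = {
    "cancelCheckOut": {
        "canCancelCheckout.Document": "document",
        "canCancelCheckout.PrivateWorkingCopy": "pwc",
    },
    "deleteObject in folder": {
        "canDelete.Object": "object",
        "canDelete.Folder": "folder",
    },
}

def held(acl, principal):
    """Rank of the strongest permission `principal` holds in one object's ACL."""
    return max((RANK[perm] for who, perm in acl if who == principal), default=0)

def denied_keys(operation, principal, operands):
    """Return the mapping keys that block the call; an empty list means allowed.

    `operands` maps an operand role to that object's ACL, given as a list of
    (principal, permission) pairs.
    """
    return [key for key, role in OPERATIONS[operation].items()
            if held(operands[role], principal) < RANK[PROPOSED[key]]]

# Constructed sample ACLs: the PWC and its document carry different permissions.
DOC_ACL = [("alice", "Write"), ("bob", "Write")]
PWC_ACL = [("alice", "All"), ("bob", "Write")]
FOLDER_ACL = [("bob", "Write"), ("carol", "Read")]
OBJ_ACL = [("bob", "Write"), ("carol", "All")]

if __name__ == "__main__":
    checkout = {"document": DOC_ACL, "pwc": PWC_ACL}
    print(denied_keys("cancelCheckOut", "alice", checkout))
    print(denied_keys("cancelCheckOut", "bob", checkout))
```

Returning the blocking keys rather than a bare boolean shows which operand caused the denial, which is the distinction the proposal draws between the document and the PWC.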