Uploaded image for project: '[Read Only] - Hippo Site Toolkit 2'
  1. [Read Only] - Hippo Site Toolkit 2
  2. HSTTWO-4686

Sitewriter user cannot create a new document when having the userrole xm.content.editor or mx.content.author

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 14.0.0
    • None
    • None

    Description

      privilege author and editor do not have jcr:write access on document variants, except for drafts they are the holder of.

      Now, when a sitewriter gets userrole xm.content.editor or mx.content.author it can create new documents and write to the draft since that user will be the holder. However, in WorkflowPersistenceManagerImpl in the HST, the following code is being used 

      if (documentAdditionWorkflowCategory.equals(category)) {

                    // added new document : because the document must be in 'preview' availability, we now set this explicitly
                    if (addedNode.isNodeType("hippostd:publishable")) {
                        log.info("Added document '{}' is pusblishable so set status to preview.",
                                addedNode.getPath());
                        addedNode.setProperty("hippostd:state", "unpublished");
                        addedNode.setProperty(HippoNodeType.HIPPO_AVAILABILITY, new String[] {"preview"});
                    } else {
                        log.info("Added document '{}' is not publishable so set status to live & preview directly.",
                                addedNode.getPath());
                        addedNode.setProperty(HippoNodeType.HIPPO_AVAILABILITY, new String[] {"live", "preview"});
                    }

                    if (addedNode.isNodeType("hippostd:publishableSummary")) {
                        addedNode.setProperty("hippostd:stateSummary", "new");
                    }
                    addedNode.getSession().save();
                }

      The above is problematic, because by changing the "hippostd:state" to 'unpublished' the sitewriter cannot write to the node anymore!!

      Of course, the code above should be handled by workflow:

      if (documentAdditionWorkflowCategory.equals(category)) {

                    // commit the editable instance that was created

                    Workflow docWf = getWorkflow(documentNodeWorkflowCategory, getHandleForDocumentWorkflow(addedNode)););
                    if (docWf instanceof DocumentWorkflow) {
                        ((DocumentWorkflow)docWf).commitEditableInstance();
                    } else {
                        throw new ObjectBeanPersistenceException(String.format("Failed to commit editable instance of newly created " +
                                "node '%s'", addedNode.getPath()));
                    }

                }

      since then the workflow user will correctly commit the draft!

      This results from HSTTWO-2837 which was a hacky solution

      Attachments

        Issue Links

          is a result of

          Bug - A problem which impairs or prevents the functions of the product. HSTTWO-2837 Non-publishable documents created by workflow remain in preview

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HSTTWO-4687 Sanitize 'sitewriter' user in testsuite to be more aligned with real setups

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: