Newcomer issues

[yrodiere]

I just had to start working on EasySOA from scratch. I encountered some issues, so here is my feedback. I was told to pack my issues together, so here I go. I will re-submit bugs separately afterwards to keep track of each one's status if you wish.

Documentation

• The Project hierarchy page on the wiki is not up-to-date anymore
• On a side-note, there seems to be a missing video on the official website. It's an old one, though.

  Nuxeo

I think there is some rights issues in EasySOA-Core (Nuxeo). Hence, the following issues might have only one origin.

Issue 1

When I try to connect with user "Sophie", on some pages I get the following error in a box on the top of the page: "Une erreur est survenue lors de la mise en page" (rough translation: "An error occurred during the layout"). In the logs, it seems caused by a "SpaceNotFoundException" (?). Interestingly enough, the behavior can change during the session...

This stack trace seems relevant (found in server.log in the Nuxeo launcher window).

Steps to reproduce:

• Connect "Sophie"
• On "Home > Dashboard", the error occurs. Sam thing for "Document Management"
• Go to "Sophie> Espace personnel" ("Sophie > Personal space"?). It works, no error.
• Go to "Document Management" again. Unlike last time, it works...?

  Issue 2

The EasySOA menu on the top, which features the SCA import, is only visible for the Administrator. In particular, Ted cannot view it.

Steps to reproduce:

• Connect "Ted"
• The "EasySOA" menu is not there.

  Issue 3

The architectural browsing seems broken: it displays an error message "Failed to execute query: No such property: app:environment".

Steps to reproduce:

• Connect with any user
• Click on any environment in the architectural view.

  Discovery by browsing

This seems to be specific to my own machine, but I'm experiencing latency issues. When i browse to a page, it takes something like 10s to display the corresponding services on the left panel, and sometimes it never displays. The proxy is working fine, though, according to the logs (no latency, services discovered exactly when I jump to a page).

Steps to reproduce:

• Connect with any user (even Administrator)
• Use the service discovery browser

[tiry]

I can give you some hint about the Nuxeo part :

Issue 1:

This is a security issue. EasySOA Overrides the DashboardSpace provider as visible in the error stack :

org.easysoa.dashboard.UserDashboardSpaceProvider.getOrCreateSpace(UserDashboardSpaceProvider.java:113)

We should see with Marwan why this service was customized and then see what security policy should be aplied :

• should the creation be done in unrestricted code ?
• should the creation be done in a place where the use has the Write permission (like in Nuxeo in the private Workspace) ?
• should the default goup mapping grand Write perm somewhere ?

Issue 2:

This is a security issue too :

Here is the declaration of the EasySOA tab :

<action id="easysoa" link="view_easysoa" label="EasySOA" order="120">
      <category>MAIN_TABS</category>
      <filter-id>only_for_manager</filter-id>
</action>

=> The action is only available for managers ==> this can be easily changed, we just need to define the rules

Issue 3

The "app" prefix is bound to the schema appliimpldef.xsd that does not contain any field called environment. So it's a real application bug, looks to me like the XSD was refactored and the query was not updated accordingly.

Hope this helps.

[mkalam-alami]

Documentation

I just fixed the video tag, and updated the wiki page a bit, thanks.

Issue 1

Indeed I replaced the DashboardSpace provider, but it was just in order to customize the default gadgets layout. Either my code is outdated or there's something wrong with the rights, since there's no reason a user could not Write in it's own dashboard.

Also, it seems like custom users can't access the main document domain, so there's definitely some more rights to grant.

Issue 2

Ok I'll edit the XML contribution.

Issue 3

looks to me like the XSD was refactored and the query was not updated accordingly.

You're right. I'll disable this navigation tab for the moment.

[tiry]

Issue 1

The code in the UserDashBoardSpaceProvider is wrong. You directly use the "template" dashboard from the Management without doing first a copy :

This has 2 direct impact :

• only managers can have access to the dashboard
• all users have the same exact dashboard

=> The problem is the missing code in userDashboardSpaceProvider

        // copy the existing one from /management
        DefaultDashboardSpaceCopy defaultDashboardSpaceCopy = new DefaultDashboardSpaceCopy(
                session, parameters, userWorkspacePath);
        defaultDashboardSpaceCopy.runUnrestricted();

Technically, you don't need to override all this, you should be able to only override the defaultDashboardSpaceProvider. You can take a look at how it's done in the SocialCollab addon :

=> https://github.com/nuxeo/nuxeo-social-collaboration/blob/master/nuxeo-social-workspace/nuxeo-social-workspace-web/src/main/resources/OSGI-INF/social-workspace-space-provider-contrib.xml

Here only the part about the defaultDashBoardProvdier is needed :

 <spaceProvider name="defaultDashboardSpaceProvider">
      <class>
        org.nuxeo.ecm.social.workspace.spaces.SocialWorkspaceDefaultSpaceProvider
      </class>
</spaceProvider>

[tiry]

To answer your question about "Also, it seems like custom users can't access the main document domain, so there's definitely some more rights to grant.".

The default root ACL on the repository is to grant READ to the group members. Since your "custom" users are not part of the "members" group they have no rights at all => they got redirected to the dashboard

You can fix that in 2 ways :

• either make the users part of the "members" group
• either change the content-template-contrib.xml to define the ACL at root according to what you want

see

 <factoryBinding name="RootFactory" factoryName="SimpleTemplateRootFactory" targetType="Root">
      <acl>
        <ace principal="Administrator" permission="Everything" granted="true"/>
        <ace principal="members" permission="Read" granted="true"/>
      </acl>
      <template>
       <templateItem typeName="Domain" id="default-domain" title="EasySOA"
           description="EasySOA domain"/>
       </template>
</factoryBinding>

[mkalam-alami]

Ok I fixed the rights issues by adding everybody to the members group, plus replacing the filter for the EasySOA tab.

Regarding the dashboard, I actually did the override using a contribution like you've shown, but indeed the code was wrong, I get why now. I tried to fix this, but I couldn't make Nuxeo initialize the default dashboard with my own SpaceCreator (I admit I didn't dive too much in the SpaceProviders architecture), so I went for editing all dashboards after their creation.

[tiry]

Well the dashboard init is done only once for each user, so if you change the code, you should wipe the data directory.

Tiry

On 3 April 2012 15:57, Marwane Kalam-Alami < reply@reply.github.com

wrote:

Ok I fixed the rights issues by adding everybody to the members group, plus replacing the filter for the EasySOA tab.

Regarding the dashboard, I actually did the override using a contribution like you've shown, but indeed the code was wrong, I get why now. I tried to fix this, but I couldn't make Nuxeo initialize the default dashboard with my own SpaceCreator (I admit I didn't dive in too much in the SpaceProviders architecture), so I went for editing all dashboards after their creation.

---

Reply to this email directly or view it on GitHub: https://github.com/easysoa/EasySOA/issues/112#issuecomment-4901718

[tiry]

Do you need anything else on this ?

[mkalam-alami]

Everything seems done.