enonic / xp

Enonic XP
https://enonic.com
GNU General Public License v3.0

Permissions for Everyone are not propagated to content in a new public layer #9143

Closed alansemenov closed 3 years ago

alansemenov commented 3 years ago

When a new public layer is created, each item propagated into this new layer from the level above is supposed to have READ permissions for Everyone added to it. However, this doesn't seem to happen. We do add correct READ permissions for Everyone to the /content node of the new layer, but not to the content items.

To reproduce:

  1. Install Superhero blog app
  2. Go to "Settings" of Content Studio and create a new layer under "Superhero Blog" project:
     • fill out display name
     • select "Public"
     • click "Save"
  3. Check permissions of inherited content (f.ex. the site) in Data Toolbox - no permissions for Everyone.

What's even worse is that Content Studio IS showing READ permissions for Everyone because the site is displaying permissions of its parent content (which is /content) where permissions for Everyone are correctly set.


If you now change the layer settings to "Private", Save, then change back to "Public" and Save again, then permissions for Everyone will be correctly applied to the items. It's only on create where it doesn't seem to work.

anatol-sialitski commented 3 years ago

Issue moved to enonic/app-contentstudio #3657 via ZenHub

rymsha commented 3 years ago

XP did not set Everyone READ permissions when the repository gets created; the permissions are set only a few moments later. This allows the Layers sync process to create content in a layer without Everyone READ access. The fix is to allow specifying public access for a project in the create method.

This affects JS API internal implementation, too. So, in order to get a fix developers need to update lib-project, too.

sigdestad commented 3 years ago

Question: We also create a range of other roles for a new project, and set them as permissions for the root item - why was this only a problem for the "everyone" role, and not for the others?

anatol-sialitski commented 3 years ago

Before it was done in two steps:

Once the project was created, the sync process was triggered. If a modifyReadAccess request was made from the client side during this period, then there is a conflict on the data layer.

Now, if public is provided, then the project permissions and Everyone are set up during creation of the project.
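
The ordering problem discussed in this thread, as a simplified in-memory model. This is an added example, not Enonic XP or lib-project code. The principal names, the paths and the assumption that each synced item stores a copy of the root ACL at the moment it is created are all constructed for illustration. The audit function checks the ACL stored on each item rather than what its parent implies.

```javascript
// Simplified in-memory model (constructed for illustration; not Enonic XP code).
const EVERYONE = 'everyone'; // constructed principal name
const OWNER = { principal: 'owner', allow: ['READ', 'MODIFY'] }; // constructed role

function newLayer(rootAcl) {
  return { nodes: new Map([['/content', { acl: rootAcl.map((e) => ({ ...e })) }]]) };
}

// Assumption: each synced item stores its own copy of the root ACL as it is
// at the moment the item is created.
function syncItems(layer, paths) {
  const rootAcl = layer.nodes.get('/content').acl;
  for (const path of paths) {
    layer.nodes.set(path, { acl: rootAcl.map((e) => ({ ...e })) });
  }
}

function grantRead(layer, path, principal) {
  layer.nodes.get(path).acl.push({ principal, allow: ['READ'] });
}

// Old ordering: create, sync starts, Everyone READ is set afterwards.
function createTwoStep(paths) {
  const layer = newLayer([OWNER]);
  syncItems(layer, paths);
  grantRead(layer, '/content', EVERYONE);
  return layer;
}

// Fixed ordering: public access is part of creation, so sync copies it.
function createWithPublicAccess(paths) {
  const layer = newLayer([OWNER, { principal: EVERYONE, allow: ['READ'] }]);
  syncItems(layer, paths);
  return layer;
}

// Audit the ACL stored on each item, not what a parent would imply.
function missingEveryoneRead(layer) {
  return [...layer.nodes]
    .filter(([, node]) => !node.acl.some((e) => e.principal === EVERYONE && e.allow.includes('READ')))
    .map(([path]) => path)
    .sort();
}

const items = ['/content/site', '/content/site/posts']; // constructed sample paths
console.log(missingEveryoneRead(createTwoStep(items)));
console.log(missingEveryoneRead(createWithPublicAccess(items)));
```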