"Can ask for publishing" permission has no effect
Steps to reproduce the error using Nuxeo 5.9.5 virtual machine:
- Create a new user
- Create a new section. Assign to the previous user the read permission and deny “Can ask for publishing” permission.
- Log in as the created user, create a document and publish it in the section.
Is there a way to enable users to see a section without being able to publish in it?
Thanks in advance. Regards.
This is expected, as Read includes CanAskForPublishing and if you allow Read before denying CanAskForPublishing then the deny won't matter.
Note that this changed for Nuxeo 6.0 (NXP-15563).
I'm afraid the order of granting/denying the permissions shouldn't change the resultant permission. And in fact it doesn't change it. you can reproduce the behaviour in the Nuxeo VM easily:
- Create a new section.
- Deny "Can ask for publishing" permission for a user in that section.
- Then assign to the previous user the read permission.
- Log in as the created user, create a document and publish it in that section.
I'm glad Nuxeo 6 solves this behaviour. I guess we'll have to wait.
Thanks.