This mostly works: I can edit documents appropriately and only see the document roots I’d like the user to see. However, when that type of user (editor role) tries to upload a file, I get the following error:
Is there something obvious I have misconfigured? If it is non-obvious, I could upload a few more screenshots regarding the setup of my content domains and their groups and user roles.
Putting the logging for the gallery classes a bit higher I get the following stack trace, which is a bit more helpful:
[INFO] [talledLocalContainer] Caused by: javax.jcr.AccessDeniedException: /content/gallery/demo/events/demoImage.jpg/demoImage.jpg/hippogallery:thumbnail/jcr:mimeType: not allowed to add or modify item
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.ItemSaveOperation.validateTransientItems(ItemSaveOperation.java:473) ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.ItemSaveOperation.perform(ItemSaveOperation.java:216) ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216) ~[jackrabbit-core-2.18.5-h1.jar:2.18.5-h1]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91) ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:329) ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.session.SessionSaveOperation.perform(SessionSaveOperation.java:65) ~[jackrabbit-core-2.18.5-h1.jar:2.18.5-h1]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216) ~[jackrabbit-core-2.18.5-h1.jar:2.18.5-h1]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.SessionImpl.perform(SessionImpl.java:367) ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] at org.apache.jackrabbit.core.SessionImpl.save(SessionImpl.java:856) ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] at org.hippoecm.repository.impl.SessionDecorator.save(SessionDecorator.java:279) ~[hippo-repository-engine-14.2.2.jar:14.2.2]
[INFO] [talledLocalContainer] at org.hippoecm.frontend.plugins.gallery.GalleryWorkflowPlugin.createGalleryItem(GalleryWorkflowPlugin.java:178) ~[hippo-cms-gallery-frontend-14.2.2.jar:14.2.2]
[INFO] [talledLocalContainer] at org.hippoecm.frontend.plugins.gallery.GalleryWorkflowPlugin.access$100(GalleryWorkflowPlugin.java:78) ~[hippo-cms-gallery-frontend-14.2.2.jar:14.2.2]
[INFO] [talledLocalContainer] at org.hippoecm.frontend.plugins.gallery.GalleryWorkflowPlugin$UploadDialog.onFileUpload(GalleryWorkflowPlugin.java:103) ~[hippo-cms-gallery-frontend-14.2.2.jar:14.2.2]
The user (demo-author) has a membership to the group demo-author that has the following userroles assigned:
Just for anyone else with a similar problem: I worked out that the xm.content.user does not have sufficient access to upload gallery items (but can do mostly anything else), but xm.content.author and xm.content.editor do.
I’ve also worked out that the reason all content appears if I add any of the above userroles to a user’s group is that they are part of the base content domain definition. So, after removing the readonly, author and editor access indicators from the default content domain, everything ends up being as expected.
It’s all a bit confusing, so I’m happy to have fixed it – thanks for your help!