Content domains and upload functionality

Hi all,

Me again!

I’ve used example 3 from here (Groovy Updater Script Examples - Bloomreach Experience Manager - The Fast and Flexible Headless CMS) combined with some documentation about the new way content domains are organised in the newer Bloomreach CMS versions to create a way for users to only see one of the content roots in /content/documents, ./gallery and ./assets.

This mostly works, I can edit documents appropriately, and only see the document roots I’d like the user to see, however when that type of user (editor role) tries to upload a file, I get the following error:


Is there something obvious I have misconfigured? If it is non-obivous, I could upload a few more screenshots regarding the setup of my content domains and their groups and user roles.

Any help is much appreciated!




Hi Marnix,
What version are you running?


14.2.2 I believe.



Putting the logging for the gallery classes a bit higher I get the following stack trace, which is a bit more helpful:

[INFO] [talledLocalContainer] Caused by: javax.jcr.AccessDeniedException: /content/gallery/demo/events/demoImage.jpg/demoImage.jpg/hippogallery:thumbnail/jcr:mimeType: not allowed to add or modify item
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemSaveOperation.validateTransientItems( ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemSaveOperation.perform( ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.session.SessionState.perform( ~[jackrabbit-core-2.18.5-h1.jar:2.18.5-h1]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemImpl.perform( ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] 	at ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.session.SessionSaveOperation.perform( ~[jackrabbit-core-2.18.5-h1.jar:2.18.5-h1]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.session.SessionState.perform( ~[jackrabbit-core-2.18.5-h1.jar:2.18.5-h1]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.SessionImpl.perform( ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] 	at ~[jackrabbit-core-2.18.5-h1.jar:14.2.2]
[INFO] [talledLocalContainer] 	at ~[hippo-repository-engine-14.2.2.jar:14.2.2]
[INFO] [talledLocalContainer] 	at ~[hippo-cms-gallery-frontend-14.2.2.jar:14.2.2]
[INFO] [talledLocalContainer] 	at$100( ~[hippo-cms-gallery-frontend-14.2.2.jar:14.2.2]
[INFO] [talledLocalContainer] 	at$UploadDialog.onFileUpload( ~[hippo-cms-gallery-frontend-14.2.2.jar:14.2.2]

The user (demo-author) has a membership to the group demo-author that has the following userroles assigned:

Any help debugging (or letting me know a good way to go about debugging) this would be greatly appreciated!




Just for anyone else with a similar problem. I worked out that the xm.content.user does not have sufficient access to upload gallery items (but can do mostly anythign else, but and xm.content.editor do.

I’ve also worked out the reason that all content appears if I add any of the above userroles to a user’s group is, that they are part of the base content domain definition. So, after removing the readonly, author and editor access indicators from the default content domain, everything ends up being as expected.

It’s all a bit confusing, so I’m happy to have fixed it – thanks for your help!



What might help in those cases is to: go to /console app and select specific node and choose:

Node > View Permissions
Than, in the modal popup, fill in the user name and lookup its permissions and compare it to other users…

1 Like