Is that a bug concerning users, permissions and workspace objects ?

[eliotberriot]

Hi everyone, this is my very first post here. I'm sorry if i'm doing it wrong.

I'm new to Feng Office : i use the Community Edition, version 2.2.0, since a few weeks.

I really like this product. However, i'm facing some issues, and I don't know if they are bugs or if i'm doing something wrong with configuration.

The first one : users accessing objects they sould not.

I can't reproduce this every time. Sometimes, it shows up, and sometimes not. However, it seems to correct itself after a few hours.

Reproduction steps :

- I've got a WorkSpace B, within a Workspace A.

- I've got a user (named "user", for exemple). I give him the permission to read Workspace A, and to modify Workspace B.

- In Workspace B, I create, as Admin, an object (link, document, note...).

- User can access the object

- I set user's permission on workspace A to None

- I log as user, and i still can read object, despite the fact i do not
have any permission on Workspace A. However, as user, i can't see to which workspace it is related, or edit the object properties. Just read.

Is that normal ? I mean, a user has no permission on a Workspace, and still can access objects in it. Is there a cache or something, that may cause this problem ? Or am i making an obvious mistake ?

The second one : user can't access objects they should

This one is a bigger deal for me. Like the previous one, i can't reproduce it every time.

Reproduction steps :

- A workspace B, inside a Workspace A
- User can modify B
- I set User's permissions on B to none
- User can't see anything about B (if the previous problem do not shows up)
- I set User's permission on B to all
- User can access to A and add new objects (notes, documents, weblinks...), but he can't see any object that have been created before he was given the access. Object created after are visible.
- If i re log as admin, go to workspace B, edit an object that User can't seen, and just save, without doing any modification on it, then User can see and modify it again.

This one is very bad because when I change permissions on a workspace, object are desappearing for some users, and i have to update every single object in it to correct the problem. With a significantly amount of objects, it takes a lot of time.

If i recap : i've got two users, with exactly the same rights on a workspace, they are both collaborator customers. One can access to anything, while the other can only create new objects or access objects that have been created after he was granted the right to access the workspace.

Am i the only one to face this ? Is that the normal behaviour of Feng Office ?

If someone could help, it would be great, because I like Feng Office, and want to keep using it.

I can give you more informations if needed. Tell me if i'm not clear enough, english is not my first language.

Thank you !

[franponce87]

Hello Eliot,

Welcome to Feng Office Forums! Your English is more than great, so no worries about it

Not sure whether those problems are due to bugs in the system or to the specific permissions you set up, however, many permission improvements have been done within the 2.2.1 and 2.2.2 upcoming version. Please let us know how it goes in 2.2.2, which will be available pretty soon.

On the other hand, if you are using Feng Office within a business environment you ought to consider going for the Professional Edition as well.
Further information about it can be found in my signature.

Best regards,
Francisco

[apmuthu]

If Workspace A is under Workspace B, then any user with write permissions in Workspace B will have such rights in Workspace A and will override any inferior rights in Workspace A.

FengOffice follows a hierarchial permission system that gets inherited and overides permissions set in sub workspaces.

This is not like the true ACLs that permit the lowest object in the hierarchy to set fine grained permissions as seen in phpGACL and other projects.

Hence make the Workspace independant of Workspace B and use Tags to link objects between them and provide permissions on a need to use role basis across workspaces.

[eliotberriot]

First of all, thank you both for your answer.

As my message is a few weeks old, i just ran some other tests about permissions, before writing this, to see if it's working fine or not (if updated to 2.2.1) :

- i created a user especially for the occasion (let's call him X)

- I've got a workspace B (WB), within a workspace A (WA).

1.A 1 If i give X read permission on WA and write on WB, everything is fine.
1.B If i only give X write permission on WB, X can see nothing.

Is that normal ? It means i have to browse the whole workspace hierarchy before WB to set permissions so that X can see WB. Can't we just say "i want X to write WB" ?

Continuing from 1.A :

then, i set X permissions on WB to none.
X can't access anything, so everything is okay.
(don't know how i got the strange bug before, when X could still see WB)

then, i set X permissions on WB to write again
X can access WB. Strange again, when i did this a few weeks ago, X can access WB but all the objects that have been created before he was grante the permission to access WB were invisible to him

However, if the bug is fixed, that's fine for me.

May i suggest a feature ? For admin, the ability to virtually log as a specific user to see what he can access or not would be great, in my opinion.

Apmuthu, thank you for your suggestion on using tags. However, in my case, i really need a workspace hierarchy.

Franponce, actually, i'm a student, and I use FengOffice for personnal needs and studies. I definitely can't afford the cost of the professionnal edition.

Is there a roadmap or something, where i can find precisely the dates for each realeses ?

Happy new year !

[franponce87]

If Workspace A is under Workspace B, then any user with write permissions in Workspace B will have such rights in Workspace A and will override any inferior rights in Workspace A.

No, it does not work that way. That is the default option it takes when you create nested workspaces, but you can set them up as you wish to.

First of all, thank you both for your answer.

As my message is a few weeks old, i just ran some other tests about permissions, before writing this, to see if it's working fine or not (if updated to 2.2.1) :

- i created a user especially for the occasion (let's call him X)

- I've got a workspace B (WB), within a workspace A (WA).

1.A 1 If i give X read permission on WA and write on WB, everything is fine.
1.B If i only give X write permission on WB, X can see nothing.

Is that normal ? It means i have to browse the whole workspace hierarchy before WB to set permissions so that X can see WB. Can't we just say "i want X to write WB" ?

No, it is not normal, and it should not work that way. I never saw this behaviour before, but in case it was a bug, it has been fixed for the 2.2.2 RC version for sure.
If X has read & write permissions in B, he should see and write everything there.

Continuing from 1.A :

then, i set X permissions on WB to none.
X can't access anything, so everything is okay.
(don't know how i got the strange bug before, when X could still see WB)

then, i set X permissions on WB to write again
X can access WB. Strange again, when i did this a few weeks ago, X can access WB but all the objects that have been created before he was grante the permission to access WB were invisible to him

However, if the bug is fixed, that's fine for me.

Never experienced this so far yet, and it should not work this way.
Meaning: if a user has access to a workspace, he should see everything within it (if it has reading permissions for the particular object)

May i suggest a feature ? For admin, the ability to virtually log as a specific user to see what he can access or not would be great, in my opinion.

[/left]

It is in our Road Map, but not the immediate one.

Best regards,
Francisco