Functional permissions in nuxeo

I have been trying to understand permission management in Nuxeo. As far as I understand, ACLs are attached to a document, and they contain the information on whether a user can read/write/remove the document. I wanted to know if these ACLs are used to display/hide buttons such as “Edit”/“Delete” in the UI (when we view a particular document), or whether there is a different mechanism for that.

I also went through this link, which gives the mapping of permissions to allowed functions. In my understanding ACLs control the rendering of different buttons based on different types of access rights. I want to know if my understanding is correct?

0 votes

1 answers

1591 views

ANSWER



ACLs are set on documents. There are the default Read, Write, Everything permissions, but they can be customized:

  <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">

        <!--
            customized Write permission
        -->
        <permission name="Write">
            <remove>Remove</remove>
        </permission>

        <!--
            customized ReadWriteAndRemove permission
            does the same as the default nuxeo ReadWrite permission
        -->
        <permission name="ReadWriteAndRemove">
            <include>Read</include>
            <include>Write</include>
            <include>Remove</include>
        </permission>

        <!-- custom Permission -->
        <permission name="GetPersistentId">
            <include>ReadWrite</include>
        </permission>
    </extension>


    <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissionsVisibility">
        <visibility>
            <item show="true" order="10">Read</item>
            <item show="true" order="20">ReadWrite</item>
            <item show="true" order="30">ReadWriteAndRemove</item>
            <item show="true" order="40">Everything</item>
            <item show="true" order="50">GetPersistentId</item>
        </visibility>
    </extension>

In the WebUI there are slots that have their own permissions (buttons, drawer items, …). All permissions defined above can be used on the slots:

<nuxeo-slot-content name="addFacetAction" slot="DOCUMENT_ACTIONS" order="2">
  <template>
    <nuxeo-filter document="[[document]]" permission="Write" state="project" type="File">
      <template>
        <addfacets-action document="[[document]]"></addfacets-action>
      </template>
    </nuxeo-filter>
  </template>
</nuxeo-slot-content>

Even though it's a rather late response, I hope it helps.

Best

Stefan

0 votes
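
Before a permission name from the contribution above is granted in an ACL or used in a slot filter, it helps to see what that name pulls in. The following is an added example, not code from the answer or from Nuxeo: it parses the answer's contribution and lists, per permission, what it includes and which names it only references. Assumptions: the `<component>` wrapper and its name are constructed, the helper names are hypothetical, and include/remove is modelled in a simplified way without the platform's merge against its default definitions.

```python
import xml.etree.ElementTree as ET

# Constructed input: the answer's contributions inside a made-up <component> root.
CONTRIB = """<component name="example.custom.permissions">
<extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">
  <permission name="Write"><remove>Remove</remove></permission>
  <permission name="ReadWriteAndRemove">
    <include>Read</include><include>Write</include><include>Remove</include>
  </permission>
  <permission name="GetPersistentId"><include>ReadWrite</include></permission>
</extension>
<extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissionsVisibility">
  <visibility>
    <item show="true" order="10">Read</item><item show="true" order="20">ReadWrite</item>
    <item show="true" order="30">ReadWriteAndRemove</item><item show="true" order="40">Everything</item>
    <item show="true" order="50">GetPersistentId</item>
  </visibility>
</extension>
</component>"""

def load(xml_text):
    """Return ({name: (includes, removes)}, [names shown in the rights UI])."""
    root = ET.fromstring(xml_text)
    perms = {}
    for p in root.iter("permission"):
        inc, rem = perms.setdefault(p.get("name"), (set(), set()))
        inc.update(e.text.strip() for e in p.findall("include"))
        rem.update(e.text.strip() for e in p.findall("remove"))
    visible = [i.text.strip() for i in root.iter("item") if i.get("show") == "true"]
    return perms, visible

def expand(name, perms, seen=frozenset()):
    """Simplified model: follow <include> transitively, then subtract this entry's <remove>."""
    if name in seen:  # guard against include cycles
        return set()
    inc, rem = perms.get(name, (set(), set()))
    out = {name}.union(*(expand(c, perms, seen | {name}) for c in inc))
    return out - rem

def undefined_refs(perms, visible):
    """Names used in this file but defined elsewhere (platform defaults, other bundles)."""
    used = set(visible)
    for inc, rem in perms.values():
        used |= inc | rem
    return used - set(perms)

if __name__ == "__main__":
    perms, visible = load(CONTRIB)
    print({n: sorted(expand(n, perms)) for n in visible})
    print("defined elsewhere:", sorted(undefined_refs(perms, visible)))
```

Under this model, `GetPersistentId` carries `ReadWrite` with it, so granting it for a narrow function also grants write access.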