Visibility of documents according to the State
Hello everybody,
I'm currently working for an IT project and I'd like to customize the visibility of my documents according to the document's State, using the User Groups
Here's my example :
I created a user group called “Developer” for all our developers
- if the document is in the Draft state, “Developer” users cannot see the document
- when the document is in the Validated state, it automatically appears for “Developer” people
How can I do that ?
Thanks a lot, Julien
There is other way than Security Policy to implement this use case. Here, I assume your document is draft only after creation (certainly a simplification against your use case), but you will have the idea to implement if the document goes back to draft, I let you do it:
Create an eventHandler for creation Event :
- Events : Document Created
- Document type : yourDocType
- Operation chain :
- Fetch Context Document
- User & Groups > Login As (let empty field)
- Document > Set ACL : ReadWrite / yourGroup / aNameOfYourChoice / grant checked
- Document > Set ACL : Everything / Everyone / aNameOfYourChoice / grant unchecked
- User & Groups > Logout
And create a second eventHandler for the transition
- Events : Lifecycle transition event
- Document type : yourDocType
- Operation chain :
- Fetch Context Document
- User & Groups > Login As (let empty field)
- Document > remove ACL : aNameOfYourChoice
- User & Groups > Logout
I think that's all. This is not the best implementation, I will suggest for a production server with a large volume of data a security policy. But this is fine for small/medium project.
Thanks a lot anyway ! :)
I guess you have to create another EventHandler, with permission "DenyRead" or something like that ?
Thank you
Merci infiniment !
The best way is to use a Security Policy manage through Nuxeo IDE :
- to start here is the link
- Then create a Nuxeo Plugin project
- Click on yellow NX link / Security / Security Policy
- Give a name to your Security Policy (it will be the name of the classe that implements your logic) / set the order to -100 (to be sure to be the first one)
And finally in checkPermission method fill like the that:
public Access checkPermission(Document doc, ACP mergedAcp,
Principal principal, String permission,
String[] resolvedPermissions, String[] additionalPrincipals)
throws SecurityException {
NuxeoPrincipal nxPrincipal = (NuxeoPrincipal) principal;
boolean isReadWriteAccess = false
for (String permissionTmp : resolbedPermissions) {
if ("ReadWrite".equals(permissionTmp) {
isReadWriteAccess = true;
}
}
if (isReadWriteAccess && "Validated".equals(doc.getLifeCycleState() && nxPrincipal.isMemberOf("developer")) {
return Access.DENY;
}
... I think you understood the idea, implement your stuff...
return Access.UNKNOWN;
}
To not have bad response time and problems for paginations, you will have also to implement the query transformer (see interface the class implement).
That's it.
Just one question : there is no way to do it directly with Nuxeo Studio ? I'm more on the functional side and I'm not quite used to Eclipse…
I tried to solve this problem by myself and I think this could be done by the Document / Set ACL in the Automation Chains, am I right ?
Thank you very much, Julien
Try to use the comment for comments and answers for answers, I will give you answer with just studio.