How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?
I need a situation where user with only READ permission can't add tags, delete or modify tags added by another user which has higher granted permission.
Please, can someone help me?
I would be very grateful, Thanks.
I did this by extending the TagActionsBean and overriding the addTagging and removeTagging methods. In my case I allow actions based on group memberships. So within addTagging and removeTagging I call a custom method to check membership – the custom method gets Principal and determines group membership (see below) – if user is allowed to add/remove tags custom method returns true, otherwise false…
private boolean taggingIsPermitted(DocumentModel currentDocument) {
// document is locked so do not permit tagging action
if (currentDocument.isLocked()) {
return false;
}
// if document is not locked then check to make sure READ only users cannot tag
Principal principal = documentManager.getPrincipal();
NuxeoPrincipal np = (NuxeoPrincipal) principal;
if (!(np.isMemberOf("librarians") || np.isMemberOf("managers") || np.isMemberOf("powerusers"))) {
return false;
}
return true;
}