Custom Security policy

Hi, I need to block deletion of specific document types by user groups. I understand I need to write a custom security policy in order to achieve this, but I'm not sure how. So far, I have a Java class that extends AbstractSecurityPolicy and implements SecurityPolicy, overriding the checkPermission method, which returns an Access class that grants or denies permission. Is this the right way to do it? Or will it simply block the read permissions? Any help would be appreciated.

Thanks in advance

0 votes

2 answers




I strongly advise you to watch It contains all the needed information with a practical use case (sources are available to help you).

General steps are:

  1. Create your project with Nuxeo CLI
  2. Initialize your Java class
  3. Write the checkPermission method logic
  4. Build your SQLQueryTransformer
  5. Create an XML Extension
  6. Create your marketplace package


0 votes
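An added example, not taken from the thread or from Nuxeo's sources, of the checkPermission logic for the case asked about: it denies only Remove and returns UNKNOWN for every other check, so Read is left to the ACLs. It assumes the Nuxeo 10.10+ method signature (NuxeoPrincipal); the package, class name, document types and group name are hypothetical.

```java
package com.example.security; // hypothetical package

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.ecm.core.security.AbstractSecurityPolicy;
import org.nuxeo.ecm.core.security.SecurityPolicy;

/**
 * Denies Remove on selected document types to selected groups.
 * Registered through the "policies" extension point of
 * org.nuxeo.ecm.core.security.SecurityService (the XML extension step).
 */
public class NoDeleteSecurityPolicy extends AbstractSecurityPolicy implements SecurityPolicy {

    // Constructed sample values: replace with your own document types and groups.
    private static final Set<String> PROTECTED_TYPES = new HashSet<>(Arrays.asList("Contract", "Invoice"));
    private static final Set<String> RESTRICTED_GROUPS = new HashSet<>(Arrays.asList("members"));

    @Override
    public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission,
            String[] resolvedPermissions, String[] additionalPrincipals) {
        // UNKNOWN means "no opinion": the next policy, then the ACLs, decide.
        // Returning it for everything except Remove keeps Read and Write untouched.
        if (!SecurityConstants.REMOVE.equals(permission) || principal.isAdministrator()) {
            return Access.UNKNOWN;
        }
        if (!PROTECTED_TYPES.contains(doc.getType().getName())) {
            return Access.UNKNOWN;
        }
        for (String group : principal.getAllGroups()) {
            if (RESTRICTED_GROUPS.contains(group)) {
                return Access.DENY; // a DENY from a policy overrides any ACL grant
            }
        }
        return Access.UNKNOWN;
    }

    @Override
    public boolean isRestrictingPermission(String permission) {
        // Only Remove is restricted; Browse is not, so searches are not filtered by this policy.
        return SecurityConstants.REMOVE.equals(permission);
    }
}
```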

Thank you for your answer! But I have another issue: now that I have blocked deletion rights, I also need to let the user know why he can't delete the document. Right now it only shows the message Error deleting document. Is there some way to add a custom message to relay to the user that he does not have permissions to delete instead of an error message?

Security policies are core security: therefore, they are not “controlled” by the UI, which leads to the kind of error you have (the typical 403 - PERMISSION DENIED). So I would advise implementing UI logic (with JavaScript to implement your conditions, in nuxeo-filter elements) in addition to the security policies.

0 votes