Get all accesssible document of a user while being authenticated as Administrator PYTHON API


I'm using the Nuxeo Python API with Nuxeo 10.10 and want to know if there is any way to fetch all accessible document while log as administrator. I've already find a way, but it's a bit tricky and i don't think it's the official way.

Thanks in advance,


Edit : I want a way to “usurpate” the user account as admin :)

I've a website where a user connect via a CAS. When authenticated he can access to a “Nuxeo Interface” (not the nuxeo website but an intern page of my website where he can search for particular documents). So the user doesn't connect to Nuxeo with his account because i don't want him to enter his password again, i use the CAS username which is the same as the Nuxeo username to get his groups. At the same time i get all documents from Nuxeo where he makes a demand, i get the ACL of the document with fetch_acls() and compare the groups and permission to user_groups. So I've an array of array of documents with user permission returned by my method :

Something like this :

[ Document1, Write ],
[ Document2, Read ],

But i've heard that there's a better way to do this, like “usurpate” user by directly taking all documents accessible by him, instead of doing this by myself in my app

Hope you understand


The part to get permission : A “node” is a Document

def check_perm_level(old, new):
if old >= new:
return old
return new
def get_node_permission(node, groups):
perm_level = 0
acls = node.fetch_acls()
for i in range(len(acls)):
permissions = acls[i]["aces"]
for permission in permissions:
if permission['username'] not in groups or permission['granted'] == "False":
if permission['permission'] == 'Read':
perm_level = check_perm_level(perm_level, 1)
elif permission['permission'] == 'ReadWrite':
perm_level = check_perm_level(perm_level, 2)
elif permission['permission'] == 'Everything':
perm_level = check_perm_level(perm_level, 3)
return perm_level
0 votes

0 answers



Could you share your code please? I am not sure I understand the use case, could you elaborate?

I've answered you in the commentary below, thanks in advance

Mickaël Schoentgen i've edited my post instead of making an answer

Did you see Auth.LoginAs? Maybe could you try something with that.

Yes something like that, but i can't figure how to use it Thanks a lot