Audit log when Document access is forbidden (User Cannot Read the Document)
How to create a Audit Log (or even a History line of Document) in Nuxeo when a User that don't have permission to read the , but try to access with a permalink?
That are some way to do by extension point?
I know is possible to do by listening events on document. (https://doc.nuxeo.com/display/NXDOC/Audit#Audit-Event)
But dont exists any event like “no_access_granted_for_document” or some other way to do?
-I think the Access Check (hasPermission) happens before the Audit be available for. I'm wrong?
You're right, there's no event sent when permissions checks failed and access to a document is denied. So what you're trying to do is not currently possible without changing some code inside Nuxeo.
Yes, I thought about it. So, I'll try doing it inside AbstractSession.java (hasPermission methods), for having the event fired and a simple contrib to handle that event. It's be a good way? What do you think?
CoreSession.getDocumentsdoes this, or Nuxeo Drive. Maybe
DefaultNuxeoExceptionHandleror a subclass, when calling
ExceptionHelper.isSecurityError, would be a better location.