How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?

I need a situation where user with only READ permission can't add tags, delete or modify tags added by another user which has higher granted permission.
Please, can someone help me?
I would be very grateful, Thanks.

0 votes

1 answers

763 views

ANSWER



I did this by extending the TagActionsBean and overriding the addTagging and removeTagging methods. In my case I allow actions based on group memberships. So within addTagging and removeTagging I call a custom method to check membership – the custom method gets Principal and determines group membership (see below) – if user is allowed to add/remove tags custom method returns true, otherwise false…

private boolean taggingIsPermitted(DocumentModel currentDocument) {
    // document is locked so do not permit tagging action
    if (currentDocument.isLocked()) {
        return false;
    }

    // if document is not locked then check to make sure READ only users cannot tag
    Principal principal = documentManager.getPrincipal();
    NuxeoPrincipal np = (NuxeoPrincipal) principal;
    if (!(np.isMemberOf("librarians") || np.isMemberOf("managers") || np.isMemberOf("powerusers"))) {
        return false;
    }

    return true;
}
0 votes