Ask Question
« General Questions on Nuxeo

How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?

I need a situation where user with only READ permission can't add tags, delete or modify tags added by another user which has higher granted permission.
Please, can someone help me?
I would be very grateful, Thanks.

altan
Member (25)   1   1   1 		08/16/2014 ( History)
0 votes
1 answers
1588 views
ANSWER
ANSWERS

I did this by extending the TagActionsBean and overriding the addTagging and removeTagging methods. In my case I allow actions based on group memberships. So within addTagging and removeTagging I call a custom method to check membership – the custom method gets Principal and determines group membership (see below) – if user is allowed to add/remove tags custom method returns true, otherwise false…

private boolean taggingIsPermitted(DocumentModel currentDocument) {
    // document is locked so do not permit tagging action
    if (currentDocument.isLocked()) {
        return false;
    }

    // if document is not locked then check to make sure READ only users cannot tag
    Principal principal = documentManager.getPrincipal();
    NuxeoPrincipal np = (NuxeoPrincipal) principal;
    if (!(np.isMemberOf("librarians") || np.isMemberOf("managers") || np.isMemberOf("powerusers"))) {
        return false;
    }

    return true;
}
bruce Grant
Member (7.6K)   2   7   6 		08/26/2014 ( History)
0 votes
Follow
Tags
Linked Questions
Related Questions
Why user with ONLY READ permission can remove tags added by another user?
Is permission configuration for directories ignored?
Removing Publish right
Access right for group: cannot deny "remove" permission while granting "write" permission.
ReST API call for blocking inherited rights
PCLM Share Action
Custom Security policy
Functional permissions in nuxeo
Publishing rights with users groups