https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325675#M12676 <P>Yes, I know that.</P> <P>Thank you very much Florent!</P> Sun, 03 Apr 2016 12:41:40 GMT Klyff_Harlley1 2016-04-03T12:41:40Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325670#M12671 <P>How to create a Audit Log (or even a History line of Document) in Nuxeo when a User that don't have permission to read the , but try to access with a permalink?</P> <P>That are some way to do by extension point?</P> <P>I know is possible to do by listening events on document. (https://doc.nuxeo.com/display/NXDOC/Audit#Audit-Event)</P> <P>But dont exists any event like “no_access_granted_for_document” or some other way to do?</P> <P>-I think the Access Check (hasPermission) happens before the Audit be available for. I'm wrong?</P> Sat, 05 Mar 2016 12:38:40 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325670#M12671 Klyff_Harlley1 2016-03-05T12:38:40Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325671#M12672 <P>You're right, there's no event sent when permissions checks failed and access to a document is denied. So what you're trying to do is not currently possible without changing some code inside Nuxeo.</P> Thu, 31 Mar 2016 13:57:56 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325671#M12672 Florent_Guillau 2016-03-31T13:57:56Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325672#M12673 <P>Hi Florent.</P> <P>Yes, I thought about it. So, I'll try doing it inside AbstractSession.java (hasPermission methods), for having the event fired and a simple contrib to handle that event. It's be a good way? What do you think?</P> <P>Thanks!</P> Thu, 31 Mar 2016 14:18:06 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325672#M12673 Klyff_Harlley1 2016-03-31T14:18:06Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325673#M12674 <P>It will mostly work but please be aware that there are a number of places where DocumentException is caught and ignored, so you'll get spurious logs. For instance <CODE>CoreSession.getDocuments</CODE> does this, or Nuxeo Drive. Maybe <CODE>DefaultNuxeoExceptionHandler</CODE> or a subclass, when calling <CODE>ExceptionHelper.isSecurityError</CODE>, would be a better location.</P> Thu, 31 Mar 2016 14:23:17 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325673#M12674 Florent_Guillau 2016-03-31T14:23:17Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325674#M12675 <P>Note that if you modify Nuxeo code you're on your own for future upgrades, it's very likely that this area of the code will change in future releases.</P> Thu, 31 Mar 2016 14:36:41 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325674#M12675 Florent_Guillau 2016-03-31T14:36:41Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325675#M12676 <P>Yes, I know that.</P> <P>Thank you very much Florent!</P> Sun, 03 Apr 2016 12:41:40 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325675#M12676 Klyff_Harlley1 2016-04-03T12:41:40Z https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325676#M12677 <P>Sounds Good! I think ExceptionHelper.isSecurityError should work.</P> Sun, 03 Apr 2016 12:42:19 GMT https://connect.hyland.com/t5/nuxeo-forum/audit-log-when-document-access-is-forbidden-user-cannot-read-the/m-p/325676#M12677 Klyff_Harlley1 2016-04-03T12:42:19Z