How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?

altan_ — Sat, 16 Aug 2014 14:50:06 GMT

I need a situation where user with only READ permission can't add tags, delete or modify tags added by another user which has higher granted permission.
/> Please, can someone help me?
/> I would be very grateful, Thanks.

Re: How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?

bruce_Grant — Tue, 26 Aug 2014 22:47:49 GMT

I did this by extending the TagActionsBean and overriding the addTagging and removeTagging methods. In my case I allow actions based on group memberships. So within addTagging and removeTagging I call a custom method to check membership -- the custom method gets Principal and determines group membership (see below) -- if user is allowed to add/remove tags custom method returns true, otherwise false...

private boolean taggingIsPermitted(DocumentModel currentDocument) {
	// document is locked so do not permit tagging action
	if (currentDocument.isLocked()) {
		return false;
	}
	
	// if document is not locked then check to make sure READ only users cannot tag
	Principal principal = documentManager.getPrincipal();
	NuxeoPrincipal np = (NuxeoPrincipal) principal;
	if (!(np.isMemberOf("librarians") || np.isMemberOf("managers") || np.isMemberOf("powerusers"))) {
		return false;
	}
	
	return true;
}

topic Re: How to prevent user with ONLY READ permission from deleting, modifying, and adding tags? in Nuxeo Forum

How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?

Re: How to prevent user with ONLY READ permission from deleting, modifying, and adding tags?