Functional permissions in nuxeo

Ritesh_Kumar — Tue, 05 Mar 2019 11:47:41 GMT

I have been trying to understand the permission management in nuxeo. As far as my understanding, ACLs are attached to a document, and they contain the information whether a user can read/write/remove the document. I wanted to know if these ACLs are used to display/hide the buttons such as "Edit"/"Delete" on the UI (when we view a particular document) or is there a different mechanism for that.

I also went through this link, which gives the mapping of permissions to allowed functions. In my understanding ACLs control the rendering of different buttons based on different types of access rights. I want to know if my understanding is correct?

Re: Functional permissions in nuxeo

ssze_ — Thu, 25 Jul 2019 08:07:11 GMT

ACLs are set on documents. There are the default Read, Write, Everything permssions but they can be customized:

  <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">

        <!--
            customized Write permission
        -->
        <permission name="Write">
            <remove>Remove</remove>
        </permission>

        <!--
            customized ReadWriteAndRemove permission
            does the same as the default nuxeo ReadWrite permission
        -->
        <permission name="ReadWriteAndRemove">
            <include>Read</include>
            <include>Write</include>
            <include>Remove</include>
        </permission>

        <!-- custom Permission -->
        <permission name="GetPersistentId">
            <include>ReadWrite</include>
        </permission>
    </extension>


    <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissionsVisibility">
        <visibility>
            <item show="true" order="10">Read</item>
            <item show="true" order="20">ReadWrite</item>
            <item show="true" order="30">ReadWriteAndRemove</item>
            <item show="true" order="40">Everything</item>
            <item show="true" order="50">GetPersistentId</item>
        </visibility>
    </extension>

In the WebUI there are slots that have their own permissions (buttons, drawer items, ...). All permissions defined above can be used on the slots:

<nuxeo-slot-content name="addFacetAction" slot="DOCUMENT_ACTIONS" order="2>
  <template>
    <nuxeo-filter document="[[document]]" permission="Write" state="project" type="File">
	  <template>
		<addfacets-action document="[[document]]"></addfacets-action>
	  </template>
    </nuxeo-filter>
</nuxeo-slot-content>

Even though it's a rather late response, I hope it helps.

Best

Stefan

topic Re: Functional permissions in nuxeo in Nuxeo Forum

Functional permissions in nuxeo

Re: Functional permissions in nuxeo