topic Re: Custom Security policy in Nuxeo Forum

Custom Security policy

a_c — Tue, 05 Nov 2019 00:21:38 GMT

Hi, I need to block deletion of specific document types by user groups. I understand I need to write a custom security policy in order to achieve this, but I'm not sure how. So far, I have a java class extends AbstractSecurityPolicy implements SecurityPolicy that overrides the checkPermission method that returns an Access class which grants or denies permission. Is this the right way to do it? Or will it simply block the read permissions? Any help would be appreciated.

Thanks in advance

Re: Custom Security policy

Gregory_Carlin — Tue, 05 Nov 2019 15:34:45 GMT

Hello,

I strongly advise you to watch https://university.nuxeo.com/learn/course/external/view/elearning/171/SecurityPolicies. It contains all the needed information with a practical use case (sources are available to help you).

General steps are:

Create your project with Nuxeo CLI
Initialize your JAVA Class
Write the CheckPermission method logic
Build your SQLQueryTransformer
Create an XML Extension
Create your marketplace package

Regards

Re: Custom Security policy

a_c — Tue, 05 Nov 2019 19:33:32 GMT

Thank you for your answer! But I have another issue

Re: Custom Security policy

Gregory_Carlin — Tue, 05 Nov 2019 19:50:44 GMT

Security Policies are core securities: therefore, they are not "controlled" by the UI, leading by the kind of erro you have (the typical 403 - PERMISSION DENIED). So I would advice to implement UI logics (with Javascript to implement your conditions, in nuxeo-filter elements) in addition to the security policies.