Hyland Community
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Audit log when Document access is forbidden (User Cannot Read the Document)

Go to answer
Klyff_Harlley1
Champ on-the-rise
Champ on-the-rise

‎03-05-2016 07:38 AM

How to create a Audit Log (or even a History line of Document) in Nuxeo when a User that don't have permission to read the , but try to access with a permalink?

That are some way to do by extension point?

I know is possible to do by listening events on document. (https://doc.nuxeo.com/display/NXDOC/Audit#Audit-Event)

But dont exists any event like “no_access_granted_for_document” or some other way to do?

-I think the Access Check (hasPermission) happens before the Audit be available for. I'm wrong?

0 Kudos
1 ACCEPTED ANSWER

Go to answer
Florent_Guillau
World-Class Innovator
World-Class Innovator

‎03-31-2016 09:57 AM

You're right, there's no event sent when permissions checks failed and access to a document is denied. So what you're trying to do is not currently possible without changing some code inside Nuxeo.

View answer in original post

6 REPLIES 6

Go to answer
Florent_Guillau
World-Class Innovator
World-Class Innovator

‎03-31-2016 09:57 AM

You're right, there's no event sent when permissions checks failed and access to a document is denied. So what you're trying to do is not currently possible without changing some code inside Nuxeo.

Go to answer
Klyff_Harlley1
Champ on-the-rise
Champ on-the-rise

‎03-31-2016 10:18 AM

Hi Florent.

Yes, I thought about it. So, I'll try doing it inside AbstractSession.java (hasPermission methods), for having the event fired and a simple contrib to handle that event. It's be a good way? What do you think?

Thanks!

0 Kudos

Go to answer
Florent_Guillau
World-Class Innovator
World-Class Innovator
In response to Klyff_Harlley1

‎03-31-2016 10:23 AM

It will mostly work but please be aware that there are a number of places where DocumentException is caught and ignored, so you'll get spurious logs. For instance CoreSession.getDocuments does this, or Nuxeo Drive. Maybe DefaultNuxeoExceptionHandler or a subclass, when calling ExceptionHelper.isSecurityError, would be a better location.

0 Kudos

Go to answer
Florent_Guillau
World-Class Innovator
World-Class Innovator
In response to Klyff_Harlley1

‎03-31-2016 10:36 AM

Note that if you modify Nuxeo code you're on your own for future upgrades, it's very likely that this area of the code will change in future releases.

0 Kudos

Go to answer
Klyff_Harlley1
Champ on-the-rise
Champ on-the-rise
In response to Klyff_Harlley1

‎04-03-2016 08:42 AM

Sounds Good! I think ExceptionHelper.isSecurityError should work.

0 Kudos

Go to answer
Klyff_Harlley1
Champ on-the-rise
Champ on-the-rise

‎04-03-2016 08:41 AM

Yes, I know that.

Thank you very much Florent!

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC
li.common.scroll-to.top