Visibility of documents according to the State

Julien_A_
Champ on-the-rise

Hello everybody,

I'm currently working on an IT project and I'd like to customize the visibility of my documents according to the document's State, using the User Groups.

Here's my example:

I created a user group called "Developer" for all our developers

  • if the document is in the Draft state, "Developer" users cannot see the document
  • when the document is in the Validated state, it automatically appears for "Developer" people

How can I do that?

Thanks a lot, Julien

1 ACCEPTED ANSWER

Benjamin_Jalon1
Elite Collaborator

There is another way than a Security Policy to implement this use case. Here, I assume your document is in draft only after creation (certainly a simplification of your use case), but you will get the idea of how to implement it if the document goes back to draft; I'll let you do that:

Create an eventHandler for the creation event:

  • Events: Document Created
  • Document type: yourDocType
  • Operation chain:
      • Fetch Context Document
      • User & Groups > Login As (leave the field empty)
      • Document > Set ACL: ReadWrite / yourGroup / aNameOfYourChoice / grant checked
      • Document > Set ACL: Everything / Everyone / aNameOfYourChoice / grant unchecked
      • User & Groups > Logout

And create a second eventHandler for the transition:

  • Events: Lifecycle transition event
  • Document type: yourDocType
  • Operation chain:
      • Fetch Context Document
      • User & Groups > Login As (leave the field empty)
      • Document > remove ACL: aNameOfYourChoice
      • User & Groups > Logout

I think that's all. This is not the best implementation; for a production server with a large volume of data, I would suggest a security policy. But this is fine for a small/medium project.
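
Added example, not part of the original answer and not Nuxeo code: a simplified Python model of ordered ACL evaluation (first matching entry wins, local ACLs before inherited ones), showing why the two Set ACL steps above hide a draft from "Developer" users and why removing the ACL makes it visible again. The group names "authors" and "members", the inherited Read grant and the reduced permission table are assumptions made for the illustration.

```python
# Simplified model of ordered ACL evaluation (not Nuxeo code).
# ACLs are checked in order, local before inherited; the first entry that
# matches both the user and the requested permission decides.

# Assumption: a reduced permission hierarchy, enough for this example.
IMPLIES = {
    "Everything": {"Everything", "ReadWrite", "Read", "Write"},
    "ReadWrite": {"ReadWrite", "Read", "Write"},
    "Read": {"Read"},
}

def check(acp, groups, permission):
    """Return True (grant), False (deny) or None (no entry matched)."""
    for _name, aces in acp:
        for perm, who, grant in aces:
            if (who == "Everyone" or who in groups) and permission in IMPLIES[perm]:
                return grant
    return None

def remove_acl(acp, name):
    """Model of the 'remove ACL' step run on the lifecycle transition."""
    return [(n, aces) for n, aces in acp if n != name]

# Assumption: every user, developers included, inherits Read from the parent.
INHERITED = ("inherited", [("Read", "members", True)])

# The two 'Set ACL' steps of the creation handler, in the order given above.
# "authors" is an assumed name for the group allowed to work on drafts.
DRAFT_ACL = ("aNameOfYourChoice", [
    ("ReadWrite", "authors", True),     # grant checked
    ("Everything", "Everyone", False),  # grant unchecked: blocks inheritance
])

def demo():
    developer = {"members", "Developer"}
    author = {"members", "authors"}
    draft = [DRAFT_ACL, INHERITED]
    validated = remove_acl(draft, "aNameOfYourChoice")
    # Same two entries in the opposite order: the deny now matches first.
    swapped = [("aNameOfYourChoice", DRAFT_ACL[1][::-1]), INHERITED]
    return {
        "developer_draft": check(draft, developer, "Read"),
        "author_draft": check(draft, author, "Read"),
        "developer_validated": check(validated, developer, "Read"),
        "author_swapped_order": check(swapped, author, "Read"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'grant' if result else 'deny'}")
```

The last case shows that the order of the two Set ACL steps matters: with the deny entry first, the group that should keep access to drafts is blocked as well.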


12 REPLIES 12

Benjamin_Jalon1
Elite Collaborator

The best way is to use a Security Policy managed through Nuxeo IDE:

  • to start, here is the link
  • Then create a Nuxeo Plugin project
  • Click on the yellow NX link / Security / Security Policy
  • Give a name to your Security Policy (it will be the name of the class that implements your logic) / set the order to -100 (to be sure it is the first one)

And finally, fill in the checkPermission method like this:

public Access checkPermission(Document doc, ACP mergedAcp,
        Principal principal, String permission,
        String[] resolvedPermissions, String[] additionalPrincipals)
        throws SecurityException {
    NuxeoPrincipal nxPrincipal = (NuxeoPrincipal) principal;

    // Does the requested permission resolve to ReadWrite?
    boolean isReadWriteAccess = false;
    for (String permissionTmp : resolvedPermissions) {
        if ("ReadWrite".equals(permissionTmp)) {
            isReadWriteAccess = true;
        }
    }
    // Deny when all three conditions hold: ReadWrite requested,
    // document in the Validated state, user in the "developer" group
    if (isReadWriteAccess && "Validated".equals(doc.getLifeCycleState())
            && nxPrincipal.isMemberOf("developer")) {
        return Access.DENY;
    }

    // ... I think you understood the idea, implement your stuff...

    // No decision from this policy
    return Access.UNKNOWN;
}

To avoid bad response times and pagination problems, you will also have to implement the query transformer (see the interface the class implements).

That's it.

Super! Thanks, that's great

You're welcome, really, I insist

OK, thanks! I'm waiting for your answer just for Studio... I can't wait to have it! ahah

OK, that's going to help me a lot! You should really do a bigger tutorial about EventHandler, I just discovered it and it seems to be very, very useful! A tutorial which would explain how to "automatically rename the title depending on some other fields' values", "inherit some metadata from other content"...

one last question

Basically, I just want a document to be invisible to developers when it is created, but to appear automatically as soon as it is validated...

OK, my mistake, I read "can" instead of "cannot"... I am modifying my answer to follow your question.