I would like to support the use case where the owner of a document has all
rights on the documents irrespective of explicitly defined access
controls. So I added the following Security Policy. I know the policy is
running because I have run the server in debug mode with a breakpoint set.
public class AuthorSecurityPolicy extends AbstractSecurityPolicy {
public Access checkPermission(Document doc, ACP mergedAcp, Principal
principal, String permission,
String] resolvedPermissions, String[ additionalPrincipals) {
Access access = Access.UNKNOWN;
String creator = null;
if (doc != null) {
try {
creator = (String) doc.getPropertyValue("dc:creator");
} catch (DocumentException e) {
}
}
if (creator != null && creator.equals(principal.getName())) {
access = Access.GRANT;
}
return access;
}
}
This works well for edit and save, but does not work for the delete case.
Here's the scenario:
- I'm viewing a list of documents in a folder
- I select a document that i want to delete
- The logged in user is the creator of the document selected
- The 'Delete' action button remains grayed out
I know the root cause - the issue is that the Document doc in the
AuthorSecurityPolicy.checkPermission(Document doc, ...) refers to the
folder document itself rather than the selected document (and in my case
the selected document is NOT created by the logged in user). And I know
the selected document is available in the current seam conversation
context.
So, what I would like to be able to do is to get the list of selected
documents (in my AuthorSecurityPolicy) so that I can check whether the
logged in user should be able to delete the selected docs.
What isn't obvious to me is how to get the list of selected documents.
Any ideas?
Thanks,
Bruce. _______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
