Hi Bruce, The Core will do a double check : - check for the Remove Permission on the document you want to delete - check for the Remove Children permission on the container
=> You should be called twice 1 - one call on the container => nothing to do 2 - one call on the document => apply owner policy Tiry On 23 February 2010 14:38, Bruce Grant <[email protected]> wrote: > I would like to support the use case where the owner of a document has all > rights on the documents irrespective of explicitly defined access controls. > So I added the following Security Policy. I know the policy is running > because I have run the server in debug mode with a breakpoint set. > > public class AuthorSecurityPolicy extends AbstractSecurityPolicy { > > public Access checkPermission(Document doc, ACP mergedAcp, Principal > principal, String permission, > String*] resolvedPermissions, String[* > <http://www.nuxeo.org/discussions/>additionalPrincipals) { > > Access access = Access.UNKNOWN; > > String creator = null; > if (doc != null) { > try { > creator = (String) doc.getPropertyValue("dc:creator"); > } catch (DocumentException e) { > } > } > if (creator != null && creator.equals(principal.getName())) { > access = Access.GRANT; > } > return access; > } > } > > This works well for edit and save, but does not work for the delete case. > > Here's the scenario: > - I'm viewing a list of documents in a folder > - I select a document that i want to delete > - The logged in user is the creator of the document selected > - The 'Delete' action button remains grayed out > > I know the root cause - the issue is that the Document doc in the > AuthorSecurityPolicy.checkPermission(Document doc, ...) refers to the folder > document itself rather than the selected document (and in my case the > selected document is NOT created by the logged in user). And I know the > selected document is available in the current seam conversation context. > > So, what I would like to be able to do is to get the list of selected > documents (in my AuthorSecurityPolicy) so that I can check whether the > logged in user should be able to delete the selected docs. > > What isn't obvious to me is how to get the list of selected documents. > > Any ideas? > > Thanks, > Bruce. > _______________________________________________ > ECM mailing list > [email protected] > http://lists.nuxeo.com/mailman/listinfo/ecm > To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm > >
_______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
