Thanks Tiry that worked.
I created a separate handler for the condition I need and now the Delete
button is highlighted even if a user doesn't have removeChildren rights in
a given container, so long as they are the creator of the selected
document.
// DBG: modify to enable the ability to override explicit folder/doc
rights with rights implied by ownership
public boolean checkDeletePermOnParents(List<DocumentModel>
docsToDelete) {
//List<DocumentRef> parentRefs =
DocumentsListsUtils.getParentRefFromDocumentList(docsToDelete);
DocumentRef parentRef;
for (DocumentModel doc : docsToDelete) {
//for (DocumentRef parentRef : parentRefs) {
try {
parentRef = doc.getParentRef();
// if the current user has removeChildren capability in
this container then we're cool
if (documentManager.hasPermission(parentRef,
SecurityConstants.REMOVE_CHILDREN)) {
return true;
}
// if current user doesn't have removeChildren capability
then we need to ensure that the
// currentUser is the dc:creator of the document selected
for delete; if this test fails for
// any selected documents then exit with false (Delete
button will only show iff user is
// creator of *all* selected documents)
String creator = null;
creator = (String) doc.getPropertyValue("dc:creator");
if (creator != null && !creator.equals(currentUser
.getName())) {
return false;
}
} catch (ClientException e) {
log.error(e);
}
}
// if didn't exit explicitly above then user has permissions to
delete on all selected documents
return true;
}
Cheers,
Bruce.
From: Thierry Delprat <[email protected]>
To: Bruce Grant <[email protected]>
Cc: [email protected]
Date: 02/23/2010 12:08 PM
Subject: Re: [Ecm] AbstractSecurityPolicy
Hi,
The delete action is by default bound to a bean that check removeChildren
first.
If you policy is to accept delete when user is owner the you also need to
override the action filter to bind it to a bean that will only check the
perm on the target document.
>From the securitypolicy, you have no clean ways to access the selected
document in the seam context.
Tiry
On 23 Feb 2010 16:01, "Bruce Grant" <[email protected]> wrote:
Hi Tiry,
My challenge is that the 'Delete' button is not enabled in the view
because the user does not have the RemoveChildren right in the folder and
my policy will not override that right because the author of the folder is
not the author of the document to be deleted. If on the call made to check
the RemoveChildren I could get access to the selected document then I
could check to see if the current user is the author of the selected
document and give the user RemoveChildren right (and then presumably I
would see the Delete button ;-))
Cheers,
Bruce.
--------------------
metaLogic
ph. +1.905.629.7775 x225
fax +1.905.629.9887
http://metaLogic.ca
From: Thierry Delprat <[email protected]>
To: Bruce Grant <[email protected]>
Cc: [email protected]
Date: 02/23/2010 08:57 AM
Subject: Re: [Ecm] AbstractSecurityPolicy
Hi Bruce,
The Core will do a double check :
- check for the Remove Permission on the documen...
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
