Extension point permissions
In component org.nuxeo.ecm.core.io.download.DownloadService
Documentation
Defines the permissions associated to blob download. Contributions are of the form:
<permission name="myperm">
<script language="JavaScript">
function run() {
if (CurrentUser.getName() != "bob") {
return false;
}
if (!CurrentUser.getGroups().contains("members")) {
return false;
}
if (Document.getPropertyValue("dc:format") != "pdf") {
return false;
}
if (Reason != "rendition") {
return false;
}
if (Rendition != "myrendition") {
return false;
}
if (Blob.getFilename() != "myfile.txt") {
return false;
}
if (XPath == "file:content" || XPath == "blobholder:0") {
return false;
}
return true;
</script>
</permission>
The language can be any JVM scripting language, the default is "JavaScript".
The script must define a "run()" function that returns a boolean: - true means that downloading the blob is not disallowed by this permission. - false means that downloading the blob is forbidden. The method will get called with the following global context (some values may be null): Document (DocumentModel), XPath (String), Blob (Blob), CurrentUser (NuxeoPrincipal), Reason (String), Rendition (String), Infos (Map).
If there are several permissions defined, a single one returning false is sufficient to forbid the blob download.
Contribution Descriptors
- Class: org.nuxeo.ecm.core.io.download.DownloadPermissionDescriptor