Platform Explorer / Nuxeo Platform 2021.56

Extension point permissions

In component org.nuxeo.ecm.core.io.download.DownloadService

Documentation

Defines the permissions associated to blob download. Contributions are of the form: 

    <permission name="myperm">
        <script language="JavaScript">
            function run() {
              if (CurrentUser.getName() != "bob") {
                return false;
              }
              if (!CurrentUser.getGroups().contains("members")) {
                return false;
              }
              if (Document.getPropertyValue("dc:format") != "pdf") {
                return false;
              }
              if (Reason != "rendition") {
                return false;
              }
              if (Rendition != "myrendition") {
                return false;
              }
              if (Blob.getFilename() != "myfile.txt") {
                return false;
              }
              if (XPath == "file:content" || XPath == "blobholder:0") {
                return false;
              }
              return true;
          </script>
    </permission>

The language can be any JVM scripting language, the default is "JavaScript".

The script must define a "run()" function that returns a boolean: - true means that downloading the blob is not disallowed by this permission. - false means that downloading the blob is forbidden. The method will get called with the following global context (some values may be null): Document (DocumentModel), XPath (String), Blob (Blob), CurrentUser (NuxeoPrincipal), Reason (String), Rendition (String), Infos (Map).

If there are several permissions defined, a single one returning false is sufficient to forbid the blob download.

Contribution Descriptors

  • Class: org.nuxeo.ecm.core.io.download.DownloadPermissionDescriptor

Contributions

No known contributions.