Nuxeo Server

How to Grant the Edit Permission without the Remove Permission

Updated: October 13, 2017 Page Information Edit on GitHub

As described on the page Managing Permissions, the Edit permission visible in the UI contains the permission to remove content. This means that you cannot grant the Edit permission and deny the Remove access right at the same level of the repository. So you need to override the default Write permission to be able to do that.

Procedure

  1. Add a new contribution to remove the Remove permission from Write permission.

      <extension target="org.nuxeo.ecm.core.security.SecurityService"
        point="permissions">
        <permission name="Write">
          <remove>Remove</remove>
        </permission>
     </extension>
    

    This change will make the permission ReadWrite, displayed under the permission label "Edit" in the UI, act as wanted: it no longer includes the right to remove content.

    If you want users to be able to add and remove content, you must now grant them the Edit permission and the Remove permission. Or you can add a new permission that will behave like the default ReadWrite permission used to.

  2. Define a new global permission to read, edit and remove content.

      <extension target="org.nuxeo.ecm.core.security.SecurityService"
        point="permissions">
       <permission name="ReadWriteAndRemove">
            <include>Read</include>
            <include>Write</include>
            <include>Remove</include>
        </permission>
      </extension>
    
  3. Make the new ReadWriteAndRemove permission visible in the drop down list in the UI.

    <extension point="permissionsVisibility" target="org.nuxeo.ecm.core.security.SecurityService">
        <visibility>
          <item order="10" show="true">Read</item>
          <item denyPermission="Write" order="50" show="true">ReadWrite</item>
          <item denyPermission="Write" order="55" show="true">ReadWriteAndRemove</item>
          <item denyPermission="Remove" order="60" show="true">ReadRemove</item>
          <item order="100" show="true">Everything</item>
        </visibility>
      </extension>
    

  4. Add the new permission label to your internationalization files.

  5. Deploy your customizations.

 


9 days ago manonlumeau NXDOC-1346-FT review screenshot
2 years ago Manon Lumeau 10
2 years ago Manon Lumeau 9
2 years ago Manon Lumeau 8
2 years ago Manon Lumeau 7
2 years ago Manon Lumeau 6
2 years ago Ronan Daniellou 5 | Added a 'heading' for the procedure (prevents TOC being empty)
2 years ago Ronan Daniellou 4 | Added Nuxeo TOC panel
3 years ago Solen Guitter 3
3 years ago Thierry Martins 2
3 years ago Thierry Martins 1
History: Created by Thierry Martins