/**
 * Applies the creator-based policy to a leaf document.
 *
 * <p>The principal is treated as owner when {@code isCreator} or, failing that,
 * {@code wasCreator} returns true. An owner is granted access as soon as at least
 * one of {@code resolvedPermissions} is also in the parent class's document
 * permissions.
 *
 * <p>This method never denies: when it does not grant, it returns
 * {@link Access#UNKNOWN}, and, per the original author's note, evaluation
 * continues in SecurityServiceImpl#checkPermission.
 *
 * @param doc the leaf document being checked
 * @param principal the principal requesting access
 * @param resolvedPermissions the permissions resolved for the current check
 * @return {@link Access#GRANT} for an owner holding a matching permission,
 *         {@link Access#UNKNOWN} otherwise
 * @throws DocumentException declared by this method; presumably propagated from the
 *         creator lookups
 */
@Override
protected Access applyPolicyToLeaf(Document doc, Principal principal, String[] resolvedPermissions)
        throws DocumentException {
    // Short-circuit keeps the original order: wasCreator is only consulted when
    // isCreator is false.
    // NOTE(review): wasCreator is not visible here; confirm that extending the grant
    // to a former creator is intended.
    final boolean ownsLeaf = isCreator(doc, principal) || wasCreator(doc, principal);
    if (!ownsLeaf) {
        // Not the creator: no opinion, let the rest of the security chain decide.
        return Access.UNKNOWN;
    }

    // Original author: "Contributor can read, update, move and remove its documents (leafs)".
    final String[] matchedPerms = org.nuxeo.common.utils.ArrayUtils.intersect(
            super.getDocumentPermissions(), resolvedPermissions);

    return ArrayUtils.isNotEmpty(matchedPerms) ? Access.GRANT : Access.UNKNOWN;
}
/**
 * Decides whether this policy grants access, based on who created the document.
 *
 * <p>The permissions tested depend on the principal:
 * <ul>
 * <li>creator of {@code doc}: the simulated document permissions plus the simulated
 * parent permissions (original author: update, remove and move);</li>
 * <li>anyone else: the not-conditioned parent permissions (original author: add and
 * import documents in a folder the principal has not created, and copy documents
 * that are not theirs).</li>
 * </ul>
 * Access is granted when at least one of {@code resolvedPermissions} is in the
 * selected set. The method never denies: otherwise it returns {@link Access#UNKNOWN},
 * and, per the original author's note, evaluation continues in
 * SecurityServiceImpl#checkPermission.
 *
 * @param doc the document being checked
 * @param principal the principal requesting access
 * @param resolvedPermissions the permissions resolved for the current check
 * @return {@link Access#GRANT} when a resolved permission matches the selected set,
 *         {@link Access#UNKNOWN} otherwise
 * @throws DocumentException declared by this method; presumably propagated from the
 *         creator lookup
 */
protected Access applyPolicy(Document doc, Principal principal, String[] resolvedPermissions)
        throws DocumentException {
    // NOTE(review): the non-creator branch grants regardless of ownership; the content
    // of getNotConditionedParentPermissions() is not visible here, so verify that it
    // holds no update/remove-style permission.
    final String[] candidatePerms = isCreator(doc, principal)
            ? (String[]) ArrayUtils.addAll(getSimulatedDocumentPermissions(), getSimulatedParentPermissions())
            : getNotConditionedParentPermissions();

    final String[] matchedPerms =
            org.nuxeo.common.utils.ArrayUtils.intersect(candidatePerms, resolvedPermissions);

    // No match means "no opinion", not a denial.
    return ArrayUtils.isNotEmpty(matchedPerms) ? Access.GRANT : Access.UNKNOWN;
}