Uploaded image for project: 'Nuxeo Enhanced Viewer'
  1. Nuxeo Enhanced Viewer
  2. NEV-523

Granted users can redact content into NEV

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: Next
    • Component/s: ARender, Nuxeo Connector

      Description

      Prerequisites

      • ARender is the default and only viewer
      • download, export, print are disabled from Nuxeo side

      User story

      As a granted user, I want to be able to hide part of the content of a document for the other users, so that I can restrict access to sensitive data even for users granted to view the document.

      Description

      The content redaction feature allows to obfuscate some content of a document. The goal is to fully hide the content for all, or part of, the other users in all conditions, meaning in case of they:

      • display the document,
      • search (including fulltext search) into the document,
      • download the document,
      • print the document,
      • export the document,

      This involves to integrate the content redact feature of ARender into Nuxeo thanks to the usage of:

      • Nuxeo standard permissions (mostly read, and manage everything),
      • a specific and new Nuxeo permission "Obfuscate",
      • a mapping between Nuxeo permissions and ARender roles (admin vs user),

      Acceptance criteria

      User with read + obfuscate permissions:

      • User with at least read+obfuscate permissions can see the "content redact" button
      • User with at least read+obfuscate permissions can add a redaction annotation
      • User with at least read+obfuscate permissions can see/search obfuscated content if he is the author of the annotation
      • User with at least read+obfuscate permissions can see/search obfuscated content if he is NOT the author of the annotation
      • User with at least read+obfuscate permissions can delete a content redaction annotation if he is the author of the annotation
      • User with at least read+obfuscate permissions can delete a content redaction annotation if he is NOT the author of the annotation
      • User with at least read+obfuscate permissions can download obfuscated versions
      • User with at least read+obfuscate permissions can download non obfuscated versions
      • User with at least read+obfuscate permissions can download document+FDF (so not obfuscated content)
      • User with at least read+obfuscate permissions can print obfuscated versions
      • User with at least read+obfuscate permissions can print non obfuscated versions

      User without obfuscate permission (except Administrators and users with Manage Everything):

      • User without obfuscate permission can NOT see the redaction button
      • User without obfuscate permission can NOT add redaction annotation
      • User without obfuscate permission can NOT see/search obfuscated content
      • User without obfuscate permission can NOT delete a content redaction annotation
      • User without obfuscate permission can download obfuscated versions
      • User without obfuscate permission can NOT download non obfuscated versions
      • User without obfuscate permission can print obfuscated versions
      • User without obfuscate permission can NOT print non obfuscated versions
      • User without obfuscate permission can NOT download document+FDF (so not obfuscated content)

      User with Manage Everything permission or Administrators:

      • User with Manage Everything permission and Administrators can see the "content redact" button
      • User with Manage Everything permission and Administrators can add a redaction annotation
      • User with Manage Everything permission and Administrators can see/search obfuscated content if he is the author of the annotation
      • User with Manage Everything permission and Administrators can see/search obfuscated content if he is NOT the author of the annotation
      • User with Manage Everything permission and Administrators can delete a content redaction annotation if he is the author of the annotation
      • User with Manage Everything permission and Administrators can delete a content redaction annotation if he is NOT the author of the annotation
      • User with Manage Everything permission and Administrators can download obfuscated versions
      • User with Manage Everything permission and Administrators can download non obfuscated versions
      • User with Manage Everything permission and Administrators can download document+FDF (so not obfuscated content)
      • User with Manage Everything permission and Administrators can print obfuscated versions
      • User with Manage Everything permission and Administrators can print non obfuscated versions

        Attachments

          Issue Links

          duplicates

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NEV-518 NEV - Content Redaction

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. NEV-353 Fix ARender session conflict

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jaubenque Julien Aubenque
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: