Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-17933

Allow downloads to get per-blob security policies (download permissions)



    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.4
    • Component/s: Core


      Allow the configuration of security policies that will allow or not a blob to be downloaded by a user based on various factors.

      A rule can be coded in JavaScript to determine whether download is allowed based on the following values:

      • the document,
      • the blob,
      • the blob's xpath,
      • the current user,
      • the blob provenance (i.e. the download reason, for instance "rendition"),
      • the rendition name, or other extended info available in the download context.

      The new configuration is done through the following extension point:

        <extension target="org.nuxeo.ecm.core.io.download.DownloadService" point="permissions">
          <permission name="myperm">
            <script language="JavaScript">
              function run() {
                if (CurrentUser.getName() != "bob") {
                  return false;
                if (!CurrentUser.getGroups().contains("members")) {
                  return false;
                if (Document.getPropertyValue("dc:format") != "pdf") {
                  return false;
                if (Reason != "rendition") {
                  return false;
                if (Rendition != "myrendition") {
                  return false;
                if (Blob.getFilename() != "myfile.txt") {
                  return false;
                if (XPath == "file:content" || XPath == "blobholder:0") {
                  return false;
                return true;

      The language can be any JVM scripting language, the default is "JavaScript".

      The script must define a run() function that returns a boolean:

      • true means that downloading the blob is not disallowed by this permission.
      • false means that downloading the blob is forbidden.

      The method will get called with the following global context (some values may be null): Document (DocumentModel), XPath (String), Blob (Blob), CurrentUser (NuxeoPrincipal), Reason (String), Rendition (String), Infos (Map).

      If there are several permissions defined, a single one returning false is sufficient to forbid the blob download.

      See the full documentation at https://doc.nuxeo.com/x/BI_RAQ


          Issue Links



              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: