Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-29138

Allow to bypass allowed subtype check in FileManager

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF32, 11.3, 2021.0
    • Component/s: File Upload
    • Release Notes Summary:
      A new flag is exposed to bypass the subtype check when creating a document with FileManager.
    • Backlog priority:
      650
    • Upgrade notes:
      Hide

      Since 11.3 and 10.10-HF32, the allowed subtype check done by the FileManager can be bypassed using

      FileImporterContext.builder(coreSession, blob, parentpath)
              .bypassAllowedSubtypeCheck(true)
              .build();
      

      Added:

      FileImporterContext#bypassAllowedSubtypeCheck
      FileImporterContext#isBypassAllowedSubtypeCheck()
      FileImporterContext#Builder#bypassAllowedSubtypeCheck
      FileImporterContext#Builder#bypassAllowedSubtypeCheck(boolean bypassAllowedSubtypeCheck)
      AbstractFileImporter#checkSecurity(CoreSession session, String path)
      AbstractFileImporter#checkAllowedSubtypes(CoreSession session, String path, String typeName)
      

      Deprecated:

      AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName)
      AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName, TypeManager typeService)
      
      Show
      Since 11.3 and 10.10-HF32, the allowed subtype check done by the FileManager can be bypassed using FileImporterContext.builder(coreSession, blob, parentpath) .bypassAllowedSubtypeCheck(true) .build(); Added: FileImporterContext#bypassAllowedSubtypeCheck FileImporterContext#isBypassAllowedSubtypeCheck() FileImporterContext#Builder#bypassAllowedSubtypeCheck FileImporterContext#Builder#bypassAllowedSubtypeCheck(boolean bypassAllowedSubtypeCheck) AbstractFileImporter#checkSecurity(CoreSession session, String path) AbstractFileImporter#checkAllowedSubtypes(CoreSession session, String path, String typeName) Deprecated: AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName) AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName, TypeManager typeService)
    • Sprint:
      nxplatform #14, nxplatform #15, nxplatform #16, nxplatform #17
    • Story Points:
      1

      Description

      Some customers need to bypass the "security check" in AbstractFileImporter#createOrUpdate(FileImporterContext context)

          @Override
          public DocumentModel createOrUpdate(FileImporterContext context) throws IOException {
              CoreSession session = context.getSession();
              String path = getNearestContainerPath(session, context.getParentPath());
              DocumentModel container = session.getDocument(new PathRef(path));
              String targetDocType = getDocType(container); // from override or descriptor
              if (targetDocType == null) {
                  targetDocType = getDefaultDocType();
              }
              doSecurityCheck(session, path, targetDocType);
      

      Some code like below would allow not to execute the method doSecurityCheck

            if (!context.byPassSecurityCheck()) {
              doSecurityCheck(session, path, targetDocType);
            }
      

      The need is being able to create a "system" document but not let normal users create this document type, so the "security check" would remain for normal users.

       

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours, 45 minutes
                4h 45m

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.