Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-29138

Allow to bypass allowed subtype check in FileManager

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF32, 11.3, 2021.0
    • Component/s: File Upload
    • Release Notes Summary:
      A new flag is exposed to bypass the subtype check when creating a document with FileManager.
    • Tags:
    • Backlog priority:
      650
    • Upgrade notes:
      Hide

      Since 11.3 and 10.10-HF32, the allowed subtype check done by the FileManager can be bypassed using

      FileImporterContext.builder(coreSession, blob, parentpath)
        .bypassAllowedSubtypeCheck(true)
        .build();

      Added:

      FileImporterContext#bypassAllowedSubtypeCheck
FileImporterContext#isBypassAllowedSubtypeCheck()
FileImporterContext#Builder#bypassAllowedSubtypeCheck
FileImporterContext#Builder#bypassAllowedSubtypeCheck(boolean bypassAllowedSubtypeCheck)
AbstractFileImporter#checkSecurity(CoreSession session, String path)
AbstractFileImporter#checkAllowedSubtypes(CoreSession session, String path, String typeName)

      Deprecated:

      AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName)
AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName, TypeManager typeService)
      Show
      Since 11.3 and 10.10-HF32, the allowed subtype check done by the FileManager can be bypassed using FileImporterContext.builder(coreSession, blob, parentpath) .bypassAllowedSubtypeCheck(true) .build(); Added: FileImporterContext#bypassAllowedSubtypeCheck FileImporterContext#isBypassAllowedSubtypeCheck() FileImporterContext#Builder#bypassAllowedSubtypeCheck FileImporterContext#Builder#bypassAllowedSubtypeCheck(boolean bypassAllowedSubtypeCheck) AbstractFileImporter#checkSecurity(CoreSession session, String path) AbstractFileImporter#checkAllowedSubtypes(CoreSession session, String path, String typeName) Deprecated: AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName) AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName, TypeManager typeService)
    • Sprint:
      nxplatform #14, nxplatform #15, nxplatform #16, nxplatform #17
    • Story Points:
      1

      Description

      Some customers need to bypass the "security check" in AbstractFileImporter#createOrUpdate(FileImporterContext context)

          @Override
    public DocumentModel createOrUpdate(FileImporterContext context) throws IOException {
        CoreSession session = context.getSession();
        String path = getNearestContainerPath(session, context.getParentPath());
        DocumentModel container = session.getDocument(new PathRef(path));
        String targetDocType = getDocType(container); // from override or descriptor
        if (targetDocType == null) {
            targetDocType = getDefaultDocType();
        }
        doSecurityCheck(session, path, targetDocType);

      Some code like below would allow not to execute the method doSecurityCheck

            if (!context.byPassSecurityCheck()) {
        doSecurityCheck(session, path, targetDocType);
      }

      The need is being able to create a "system" document but not let normal users create this document type, so the "security check" would remain for normal users.

       

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours, 45 minutes
                4h 45m