Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30872

Current document is missing from context in file download permission for renditions

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 2021.0
    • Fix Version/s: None
    • Component/s: Renditions, Rest API

      Description

      Download permissions for renditions are very limited because the document is missing from the context. Unlike the PreviewAdapter, the RenditionAdapter doesn't explicitly verify file download permissions and only passes the renditionName to the download servlet so part of context is lost.

      One could argue that a rendition configuration contains an action filter in the first place but:

      • xml configuration and EL expressions are not as versatile as a JS script
      • configuration must potentially be duplicated, one for stored blobs and one for renditons.

        Attachments

          Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. NXP-31166 Fix download context for renditions

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: