Customizing User Actions on Documents (beyond role level restrictions)

Issue

Customers want to enable/restrict access to certain users for some documents.

Examples:

• Users can edit a document but cannot delete it

• Allow write options but disable “Move”,”Rename” or, “Delete” access

• Allow some users to edit certain documents but not the remaining documents.

Background

For the rights level, we only have read/write access and one action in particular cannot be excluded from "write" access.

This issue, however one can achieve the desired restrictions with SCXML Workflow Engine.

Solution

The SCXML configuration can be adjusted to achieve user action restrictions for the documents. However, be cautious before making such changes as these are subject to get overwritten every time the system gets upgraded. 

The SCXML configuration resides in the repository. When changes are made in a local development environment, the auto-export produces a yaml file. Therefore, the customizations are packaged and deployed to non-local environments overwriting the changes.

Default SCXML configuration as follow:

<if cond="workflowContext.isGranted(deleteSource, 'hippo:author')">

      <!-- if the user is author (granted hippo:author),

         report the delete/move/rename operations as available but default disabled -->

      <hippo:action action="delete" enabledExpr="false"/>

      <hippo:action action="move" enabledExpr="false"/>

      <hippo:action action="rename" enabledExpr="false"/>

     </if>

Resources

• SCXML Workflow Engine