Uploaded image for project: 'Alfresco One Platform'
  1. Alfresco One Platform
  2. ACE-5369

Rest APIs to distinguish between downloads for 'read', 'preview' and 'config'

    Details

    • ACT Numbers:

      00652025, 00531390

      Description

      Currently, a client can download content for either preview or download purposes without having to specify the intent of the download.

      This feature is to give the clients download APIs that either get audited as READ or PREVIEW. The client-side requirements are well-specified in ACE-1143 and include the debug settings to required to view the generated audit logs. We would expect to be able to generate audit data similar to this:

      11:16:12,802 TRACE [org.alfresco.repo.audit.access.AccessAuditor] 
      		/alfresco-access/transaction/action=PREVIEW
      		/alfresco-access/transaction/node=workspace://SpacesStore/07dbeba8-1ac1-4a0b-8478-c70dcd5d5cdd
      		/alfresco-access/transaction/path=/app:company_home/cm:Consulting Timeline and Sweet Spot.jpg
      		/alfresco-access/transaction/sub-actions=readContent
      		/alfresco-access/transaction/type=cm:content
      		/alfresco-access/transaction/user=admin
      		--- sub actions ---
      		/alfresco-access/transaction/sub-action/0/action=readContent
      		/alfresco-access/transaction/sub-action/1/action=readContent
      		/alfresco-access/transaction/sub-action/2/action=readContent
      		/alfresco-access/transaction/sub-action/3/action=readContent
      		/alfresco-access/transaction/sub-action/4/action=readContent
      		/alfresco-access/transaction/sub-action/5/action=readContent
      		/alfresco-access/transaction/sub-action/6/action=readContent
      		/alfresco-access/transaction/sub-action/7/action=readContent
      		/alfresco-access/transaction/sub-action/8/action=readContent
      		/alfresco-access/transaction/sub-action/9/action=readContent
      11:16:36,416 TRACE [org.alfresco.repo.audit.access.AccessAuditor] 
      		/alfresco-access/transaction/action=READ
      		/alfresco-access/transaction/node=workspace://SpacesStore/07dbeba8-1ac1-4a0b-8478-c70dcd5d5cdd
      		/alfresco-access/transaction/path=/app:company_home/cm:Consulting Timeline and Sweet Spot.jpg
      		/alfresco-access/transaction/sub-actions=readContent
      		/alfresco-access/transaction/type=cm:content
      		/alfresco-access/transaction/user=admin
      		--- sub actions ---
      		/alfresco-access/transaction/sub-action/0/action=readContent
      		/alfresco-access/transaction/sub-action/1/action=readContent
      		/alfresco-access/transaction/sub-action/2/action=readContent
      		/alfresco-access/transaction/sub-action/3/action=readContent
      		/alfresco-access/transaction/sub-action/4/action=readContent
      		/alfresco-access/transaction/sub-action/5/action=readContent
      		/alfresco-access/transaction/sub-action/6/action=readContent
      		/alfresco-access/transaction/sub-action/7/action=readContent
      		/alfresco-access/transaction/sub-action/8/action=readContent
      		/alfresco-access/transaction/sub-action/9/action=readContent
      

      Note that the first action is a PREVIEW (e.g. the download was flagged as a preview by the client) while the second was a READ (e.g. the download was intended for delivery to the client in its entirety). Sub actions can remain reads as they indicate internal operations performed through the call stacks.

      In Scope

      • An API extension or addition to allow clients to specify the download intent
      • Client downloads intents:
        • READ: Document will be served to the end user as a full download
        • PREVIEW: Document will not be delivered to the end-user
        • CONFIG: No audit record is maintained as the download will be used entirely for internal use by the client application

      Out of Scope

      • Any attempt to validate that the client intent is valid
      • Any attempt to intercept partial downloads; once the download is successfully started it is audited

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  pmunassigned PM Unassigned
                  Reporter:
                  dhulley Derek Hulley [X] (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 15 minutes
                    15m

                      Structure Helper Panel