Free Support Forum - groupdocs.com

User should not be able to delete or change anothers comments


#1

I’ve been testing the java GroupDocs.Annotation library with modified servlet sample code and it seems like the security is not tight enough, in that it allows two different users to delete or change each others comments. Is there a way to set it so that a user can only delete or modify their own comments? Ideally, for our application, there should be two security settings, one to allow a user to change and delete any comments, and one to allow a user the ability to only change or delete their own comments.


Cayle

#2
Hello Cayle,

Thank you for interest in the GroupDocs. As for now user receives access rights per document. It means that there is no difference whose is the annotation. There are 6 access rights that may be combined together to regulate the document collaboration. So there is the document and users are granted some rights to it. If the user is granted to delete annotations he is able to delete all annotations.

Strange, but for comments (annotation replies) everything work a bit different than you described. Everyone is able only to edit/delete their own comments (http://screencast.com/t/j3DMLuJFBREG).

Thank you for the reasonable suggestion. We will put it into our roadmap for the next releases. Feature priorities in our roadmap depend on the customer’s license type who requested the feature. So, dependent on how strong you are interested in the GroupDocs.Annotation for Java library we may implement this feature in the nearest possible release or provide you a beta version even earlier for your early development.

Cayle, can you describe your use-case in more details, so we can advise you better?


#3

Thanks for replying.


My use case is the following:

I work for the University of Missouri in the US as a programmer for the Facilities group.

We have architectural design and construction documents that need to be reviewed and annotated by up to 60 people concurrently during a fixed review period. Each of these people will be able to add their own annotations and reply to the annotations left by others. If one person deletes an annotation or comment left by someone else, and something important is missed, then it could end up costing the project large amounts of money. When the review period is over, the document will be locked and no further addition should be possible. The final annotated document will be made available to the architect or consultant for correction.

We are currently using Adobe Acrobat and SharePoint to conduct these reviews, but we have found that on occasion users are not able to post their comments and it is very difficult to troubleshoot what is going on. That the expense of SharePoint is leading us to explore other alternatives, such as GroupDocs. University regulations prevent us from using Cloud based services.

Anyway, I have been using your sample servlet java code to integrate groupdocs with our new Project Management system, using Oracle as the database. And I’ve gotten pretty far, at least enough to have more questions about it. I think I’m ready to get the 30 day key so I can let my users hammer at it, to see if it will be suitable for them.

We are very interested in using the java Annotation, Viewer, and Signature libraries (when available).

One of the things holding us back, is the inability to use your library under the Caucho Resin server. My main application is currently incompatible with Tomcat 8, and runs on Resin with SSL enabled. The annotation sample code only seems to run under Tomcat 8. Because of the cross site restrictions and SSL, it proved impossible to seamlessly integrate the annotation servlets with the main application using an Iframe. I have in the main application had to pop-up a new window having the annotation software to get it to work at all.

Another question I have is about the differences between the Viewer component in the Viewer library and the Viewer component in the Annotation library. Is there a difference or are they the same? With the annotation viewer, I have been able to work with DOC files and PDF files, but XLS files have not been viewable, and JPG files seemed to be converted to PDF. It was just a test to see what the viewer could work with - we will not need the ability to annotate spreadsheets or jpegs.

Cayle

#4
Hello Cayle,

Thank you for details on your use case. All this was passed to our product team. We currently are discussing this functionality, how and when it can be implemented. We will inform you about results. Sorry for the inconvenience with the delay.


#5
Hello Cayle,

Answer for your question about the difference between the GroupDocs.Viewer as a separate product and in scope of the GroupDocs.Annotation library. The GroupDocs.Viewer in scope of the Annotation library is tuned to work with annotations. The separate library provides a lot more settings to tweak. Also, for now, the Viewer in the Annotation works in the image-based mode, whether the separate one provides and ability to choose between HTML and image rendering modes.