Suppose I have a document with a readers field on it allowing access only for userA:
- If I open an XPage with a view control on it bound to a view that contains that document I get the expected behavior: userA does see an entry for that document in the view and userB (who doesn't have access to the document) doesn't.
- If I use an XPage containing a document datasource to open that document (using the documentId parameter in the URL) userA can view the information from that document. If userB opens the same URL he doesn't have access to the information on the document.
The problem I'm having is that I don't know how to check if the user has access to the document or not: the document object from the data source is always available and the isValid()
method returns true for both users. The same goes if a make a database.getDocumentByUNID()
call in SSJS: if the UNID exists in the database it always returns a document object, even if the user making the call doesn't have access to the document.
This behavior is different to that in LotusScript: a getDocumentByUNID() call throws an error (or returns nothing, I'm not sure...) if the user doesn't have access.
What I did found out is that if a user doesn't have access to a document getUniversalID() returns a blank string and getSize() returns 0.
Two questions: why does it work this way and what is the proper way to check if a user has access to a document (so I can handle it and show an error message)?