check_permission()

Checks whether the current user has the requested permissions on an object via DMS.CheckPermission (single flag) or DMS.CheckPermissions (multiple flags).

To check whether an object may be inserted at a specific location, pass 0 as model, set write=True, and specify the target via folder_id or register_id.

1. Signature

Sync
Async

ecm.dms.check_permission(
    model: _ECMModelBase | int,
    object_type_id: int | None = None,
    *,
    read: bool = False,
    write: bool = False,
    execute: bool = False,
    delete: bool = False,
    update: bool = False,
    folder_id: int | ECMFolderModel | None = None,
    register_id: int | ECMRegisterModel | None = None,
    register_type: int | None = None,
) -> bool

await ecm.dms.check_permission(
    model: _ECMModelBase | int,
    object_type_id: int | None = None,
    *,
    read: bool = False,
    write: bool = False,
    execute: bool = False,
    delete: bool = False,
    update: bool = False,
    folder_id: int | ECMFolderModel | None = None,
    register_id: int | ECMRegisterModel | None = None,
    register_type: int | None = None,
) -> bool

2. Parameters

Parameter Type Default Description

Parameter	Type	Default	Description
`model`	`_ECMModelBase \| int`	—	Either an ECM model instance (its `id` is used) or a plain integer object ID. Pass `0` to check insert permission at a location specified by `folder_id` / `register_id`.
`object_type_id`	`int \| None`	`None`	The numeric object type ID. If `None` and `model` is not `0`, the type is extracted from the model instance when available, or resolved via `get_object_type_by_id()` for plain integer IDs.
`read`	`bool`	`False`	Check for read index data permission (`R`).
`write`	`bool`	`False`	Check for write index data permission (`W`).
`execute`	`bool`	`False`	Check for open/execute permission (`X`).
`delete`	`bool`	`False`	Check for delete permission (`D`).
`update`	`bool`	`False`	Check for update object permission (`U`).
`folder_id`	`int \| ECMFolderModel \| None`	`None`	ID of the folder or an `ECMFolderModel` instance for location-based permission checks.
`register_id`	`int \| ECMRegisterModel \| None`	`None`	ID of the parent register or an `ECMRegisterModel` instance for location-based permission checks.
`register_type`	`int \| None`	`None`	Type of the parent register. `0` means the object is directly at folder level, `-1` means register-independent.

model

_ECMModelBase | int

—

Either an ECM model instance (its id is used) or a plain integer object ID. Pass 0 to check insert permission at a location specified by folder_id / register_id.

object_type_id

int | None

None

The numeric object type ID. If None and model is not 0, the type is extracted from the model instance when available, or resolved via get_object_type_by_id() for plain integer IDs.

read

bool

False

Check for read index data permission (R).

write

bool

False

Check for write index data permission (W).

execute

bool

False

Check for open/execute permission (X).

delete

bool

False

Check for delete permission (D).

update

bool

False

Check for update object permission (U).

folder_id

int | ECMFolderModel | None

None

ID of the folder or an ECMFolderModel instance for location-based permission checks.

register_id

int | ECMRegisterModel | None

None

ID of the parent register or an ECMRegisterModel instance for location-based permission checks.

register_type

int | None

None

Type of the parent register. 0 means the object is directly at folder level, -1 means register-independent.

At least one of read, write, execute, delete, or update must be True.

3. Access flags

Flag Parameter Description

Flag	Parameter	Description
`R`	`read`	Read index data of the object.
`W`	`write`	Write index data of the object.
`X`	`execute`	Open or execute the object.
`D`	`delete`	Delete the object.
`U`	`update`	Update the object (replace files).

R

read

Read index data of the object.

W

write

Write index data of the object.

X

execute

Open or execute the object.

D

delete

Delete the object.

U

update

Update the object (replace files).

When a single flag is requested, the server call DMS.CheckPermission is used. When multiple flags are requested, DMS.CheckPermissions is used instead.

4. Return value

True if the user has all requested permissions, False otherwise.

5. Exceptions

Exception Condition

Exception	Condition
`ValueError`	`model` is a model instance with `id` set to `None`, or none of the permission flags is `True`.
`ECMNotFoundException`	`object_type_id` is `None`, `model` is not `0`, and no object with the given ID exists on the server.

ValueError

model is a model instance with id set to None, or none of the permission flags is True.

ECMNotFoundException

object_type_id is None, model is not 0, and no object with the given ID exists on the server.

6. Examples

6.1. Check read permission on a document

Sync
Async

doc = ecm.dms.get(InvoiceDocument, 12345)
if ecm.dms.check_permission(doc, read=True):
    print("Read access granted")

doc = await ecm.dms.get(InvoiceDocument, 12345)
if await ecm.dms.check_permission(doc, read=True):
    print("Read access granted")

6.2. Check multiple permissions at once

Sync
Async

if ecm.dms.check_permission(12345, read=True, write=True, delete=True):
    print("Full access")
else:
    print("Restricted access")

if await ecm.dms.check_permission(12345, read=True, write=True, delete=True):
    print("Full access")
else:
    print("Restricted access")

6.3. Check insert permission at a folder location

Sync
Async

folder = ecm.dms.select(InvoiceFolder).execute()[0]
if ecm.dms.check_permission(0, object_type_id=327685, write=True, folder_id=folder):
    print("Insert allowed in this folder")

folder = (await ecm.dms.select(InvoiceFolder).execute())[0]
if await ecm.dms.check_permission(0, object_type_id=327685, write=True, folder_id=folder):
    print("Insert allowed in this folder")

7. See also

delete() — Delete an object
insert() — Create a new object