Problems Settings Permissions to edit only forms in DOCXF

I have OnlyOffice Version: 8.0.1. Build: 31 installed in docker with the Alfresco connector.
I’m trying to configure the editor to:

  • edit a docx with the docxf mode (creating fillable forms)
  • make the user edits only the fillable fields that i have created;

The first step works well and i have no problem with this. The options that i use for this are:

“canManagePermissions”: true,
“demo”: false,
“editorConfig”: {
“document”: {
“fileType”: “docxf”,
“info”: {
“favorite”: false
“key”: “BLABLA”,
“permissions”: {
“edit”: true
“title”: “BLABLA.docx”,
“url”: “BLABLA”,
“token”: “BLABLA”,
“isForm”: false
“documentType”: “word”,
“editorConfig”: {
“callbackUrl”: “BLABLA”,
“createUrl”: “BLABLA”,
“customization”: {
“autosave”: false,
“comments”: false,
“trackChanges”: false,
“help”: false,
“hideRightMenu”: true,
“hideRulers”: true,
“uiTheme”: “theme-light”,
“zoom”: 100,
“about”: true,
“feedback”: false
“lang”: “it-IT”,
“mode”: “edit”,
“templates”: ,
“user”: {
“firstname”: “Administrator”,
“id”: “admin”,
“lastname”: “”,
“name”: "Administrator "
“canCoAuthoring”: false
“height”: “100%”,
“token”: “BLABLA”,
“type”: “desktop”,
“width”: “100%”,
“frameEditorId”: “testplaceholder”,
“parentOrigin”: “http://localhost:4200
“favorite”: “parashift/onlyoffice/editor-api/favorite?nodeRef=workspace://SpacesStore/BLABLA”,
“folderNode”: “workspace://SpacesStore/BLABLA”,
“historyDataUrl”: “parashift/onlyoffice/history/data?nodeRef=workspace://SpacesStore/BLABLA”,
“historyInfoUrl”: “parashift/onlyoffice/history/info?nodeRef=workspace://SpacesStore/BLABLA”,
“mime”: “application/vnd.openxmlformats-officedocument.wordprocessingml.document”,
“onlyofficeUrl”: “BLABLA”

But when i try to add the permissions block TO MAKE THE USER EDIT ONLY THE FORMS AND NOT THE DOCUMENT (i created this block following the instructions found at Config - ONLYOFFICE Api Documentation)

        "permissions": {
            "chat": false,
            "comment": false,
            "copy": false,
            "deleteCommentAuthorOnly": false,
            "download": false,
            "edit": false,
            "editCommentAuthorOnly": false,
            "fillForms": true,
            "modifyContentControl": false,
            "print": false,
            "protect": false,
            "review": false

The editor will not open and an error will pop up saying that i have not the right permissions to do this action.
What am i doing wrong?
Thank you.

1 Like

Hello @Ghug

Please elaborate on this:

Do I understand correctly that you are trying to open the document with such permissions from Alfresco? Provided initialization config shows that you integrating Document Server with your own application on the other hand.

By the way, is there any particular reason behind using DOCX with forms instead of PDF to fill out forms?

1 Like

Yes sorry i’m integrating Document Server with my own application (Alfresco is only the place where my docs are stored).
I’m using the same extension because the steps that i need to provide are
1)user build a docxf
2)another user fill the form
If i use pdf i have to
1)user build a docxf
2)i transform the docx to pdf with onlyoffice ( with the Conversion API - ONLYOFFICE Api Documentation )
3)another user compile the pdf
Do I have to necessarily use this method?

Unfortunately, I wasn’t able to reproduce the issue in simple HTML for Document Server with provided parameters - both with JWT and without it document loads successfully.

I have to mention that you are using various parameters that are not supported by Document Server, for instance, isForm, canManagePermissions, demo, etc. These are not documented in this documentation:

Also, I can see that you are using token in two places. What is the one in document array used for?

In general, you are stating that first code works to open a document, but there are no permissions set. Please elaborate on how do you apply all other permissions to the config to run editors. Do you change token after this change?

No, I was just curios about that. It is an alternative solution after all.

1 Like

Sorry I’m definitely unclear.
In my application i’m doing the step to open the onlyoffice editor linked to the docs on my alfresco (i have asked another question maybe can be usefull for you to understand my case Could not resolve view with name /documenteditor/main/index.html - #4 by Alexandre ).
The previous blockcode with the json object is not created by me.
I do the prepare ( /parashift/onlyoffice/prepare?nodeRef={nodeRef} ) that give me the json object then i slightly modified it (i add the customization part, modify the filetype, mode and canCoAuthoring ) like this

this.parsedObj.editorConfig["document"].fileType = "docxf";
this.parsedObj.editorConfig["editorConfig"].customization = customization;
this.parsedObj.editorConfig["editorConfig"].canCoAuthoring = false;
this.parsedObj.editorConfig["editorConfig"].mode = "edit";

and then pass the result to the
new DocsAPI.DocEditor(“testplaceholder”, this.parsedObj.editorConfig);
to open the editor and it works but if i try to add the permissions block into the “document” json object

this.parsedObj.editorConfig[“document”].permissions = permissions;

It not works.
I don’t know why i have two tokens and i don’t know why there is no permission block in the json that the prepare generate for me but i have no problem to open the editor in the edit mode or in the view mode (i change the value of the “edit” field and the “mode”).
It not works only when i try to make editable only the fillable fields of the docxf.
Sorry if i’m unclear i don’t want to create confusion.

I’d recommend check if the same permissions work when editor page is generated directly, i.e. by trying to build an HTML with such permissions being declared manually, considering that I didn’t face any issues with my previous test. This would help to understand whether there is an issue parsing permissions object from your application or there is something else and troubleshoot the situation further.

By the way, you can take a look at DevTools for possible hints and analyze the end config that is applied to build an editor frame. This also could help in understanding

Sorry i have not tried to follow your hint, i will do a manually configured html later.

For further details about my problem the onlyoffice log says
nodeJS - fillDataFromJwt token has modified permissions
nodeJS - fillDataFromJwt return false

Maybe the problem is in my prepare?
-I generate my prepare
-I change the permissions
-i call new DocsAPI.DocEditor(“testplaceholder”, a.editorConfig);

So maybe the DocEditor wants a token that is not the one that i’m generating with the prepare (because i edit the permission block after the prepare).

If it is the case, how can i generate the prepare to make the user edit only the fillable forms?

I have seen these options for the prepare:

  1. parashift/onlyoffice/prepare?new=newdoc.docxf&parentNodeRef=workspace://SpacesStore/IDNODEWHERETHENEWDOCWILLBESTORED&templateNodeRef=workspace://SpacesStore/IDNODETEMPLATEFORTHENEWDOC (tried and it works well)
  2. use of the “readonly” and the “preview” url param but i can’t figure out how they works.

Maybe if i call the prepare with these url param then i can add the permission block like i have explained previously in another response of this post?

Looking forward to your feedback.

I don’t quite understand what do you mean by “prepare”. If you are referring to initialization config, then it must be properly generated before invoking the editors so that all necessary parameters are applied.