Blinding Rules
Blinding Rules are per-archive visibility controls that restrict which users or user groups can see specific folders or content types within a SureDrive. They are used to support regulatory blinding scenarios where certain team members must not see particular document categories.
Entry Point
| Item | Value |
|---|---|
| Route state | app.network.study.browse.blinding-rules |
| URL pattern | /blinding-rules?page |
| Controller | (in study-blinding-rules.js) |
| JS file | SC/suredms-web-client/src/main/webapp/app/js/network/study/blinding/study-blinding-rules.js |
| Template | SC/suredms-web-client/src/main/webapp/app/views/network/study/blinding/study-blinding-rules.html |
The Blinding Rules page is accessed from the Project Dashboard overflow menu → Blinding Rules.
What a Blinding Rule Consists Of
Each blinding rule targets a specific folder (content type) and applies to one or more users or user groups:
| Field | Description |
|---|---|
| folderId | The content type or folder that is hidden |
| userGroups | List of user IDs or group IDs the rule applies to |
| permission type | READ or READ_WRITE access level to restrict |
| limitToMyDocuments | If set, restricts view only to documents the user owns |
| limitToMyOrganizationDocuments | If set, restricts view to documents from the user's organisation |
| active | Boolean flag to enable or disable the rule without deleting it |
Rules are applied at document retrieval time via ContentVisibilityService (SC/suredms-web-client/src/main/webapp/app/js/network/study/documents/study-content-visibility-service.js), which filters the folder tree and document list based on active rules for the current user.
Rule Evaluation
When a user navigates the document tree or downloads a document:
- ContentVisibilityService loads all active blinding rules for the current archive
- For each folder in the content model, it checks whether any rule targets that folder and includes the current user (or a group the user belongs to)
- Hidden folders are removed from the tree; documents in hidden folders are excluded from lists and search results
- The limitToMyDocuments and limitToMyOrganizationDocuments flags further narrow the visible document set within non-hidden folders
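The evaluation steps above, modelled as an added example (not SureDMS code and not the ContentVisibilityService implementation). The user and document object shapes are assumptions, as is the reading that a matching rule with a limit flag narrows its folder rather than hiding it; the permission type field is not modelled.

```javascript
// Added example, not SureDMS code. Assumed shapes (hypothetical):
// user {id, groups, organizationId}; document {id, folderId, ownerId, organizationId}.
// A rule applies when it is active and lists the user or one of the user's groups.
function ruleApplies(rule, user) {
  const principals = new Set([user.id, ...user.groups]);
  return rule.active === true && rule.userGroups.some((e) => principals.has(e));
}
// Assumption: a matching rule with neither limit flag hides its folder;
// a matching rule with a limit flag narrows that folder instead.
function evaluate(rules, user, folders, documents) {
  const hidden = new Set();
  const narrowed = new Map(); // folderId -> { mine, org }
  for (const rule of rules.filter((r) => ruleApplies(r, user))) {
    const mine = Boolean(rule.limitToMyDocuments);
    const org = Boolean(rule.limitToMyOrganizationDocuments);
    if (!mine && !org) { hidden.add(rule.folderId); continue; }
    const prev = narrowed.get(rule.folderId) || { mine: false, org: false };
    narrowed.set(rule.folderId, { mine: prev.mine || mine, org: prev.org || org });
  }
  const visible = documents.filter((d) => {
    if (hidden.has(d.folderId)) return false; // also excluded from lists and search
    const n = narrowed.get(d.folderId);
    if (!n) return true;
    return (!n.mine || d.ownerId === user.id) && (!n.org || d.organizationId === user.organizationId);
  });
  return {
    folderIds: folders.filter((f) => !hidden.has(f.id)).map((f) => f.id),
    documentIds: visible.map((d) => d.id),
  };
}

// Constructed sample data.
const folders = [{ id: 'f-rand' }, { id: 'f-safety' }, { id: 'f-site' }, { id: 'f-general' }];
const documents = [
  { id: 'd1', folderId: 'f-rand', ownerId: 'bob', organizationId: 'org-b' },
  { id: 'd2', folderId: 'f-safety', ownerId: 'alice', organizationId: 'org-a' },
  { id: 'd3', folderId: 'f-safety', ownerId: 'bob', organizationId: 'org-b' },
  { id: 'd4', folderId: 'f-general', ownerId: 'bob', organizationId: 'org-b' },
  { id: 'd5', folderId: 'f-site', ownerId: 'carol', organizationId: 'org-a' },
  { id: 'd6', folderId: 'f-site', ownerId: 'bob', organizationId: 'org-b' },
];
const rules = [
  { folderId: 'f-rand', userGroups: ['blinded-monitors'], active: true },
  { folderId: 'f-safety', userGroups: ['alice'], limitToMyDocuments: true, active: true },
  { folderId: 'f-site', userGroups: ['blinded-monitors'], limitToMyOrganizationDocuments: true, active: true },
  { folderId: 'f-general', userGroups: ['blinded-monitors'], active: false }, // inactive: ignored
];
const alice = { id: 'alice', groups: ['blinded-monitors'], organizationId: 'org-a' };
const bob = { id: 'bob', groups: [], organizationId: 'org-b' };
```

Calling evaluate(rules, alice, folders, documents) shows a group-matched hide, a user-matched narrowing and an ignored inactive rule in one pass; bob, who matches no rule, sees everything.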
Relationship to Properties
Blinding Rules are enabled as a feature at the archive level via the SureDrive Properties page. If the feature is not enabled for the drive, the Blinding Rules menu item is not shown.
Rule Persistence — Nuxeo Operations
Blinding rules are persisted via BlindingRulesService, which wraps ConnectionService.sendFile (multipart/form-data with JSON body):
| Operation | Trigger |
|---|---|
| OPERATION_SECURITY_GET_ARCHIVE_BLINDING_RULES | Called via ConnectionService.postRequest to load the current rule set for the archive |
| OPERATION_SECURITY_SET_ARCHIVE_BLINDING_RULES | Sent via ConnectionService.sendFile to create or update a rule |
| OPERATION_SECURITY_REMOVE_ARCHIVE_BLINDING_RULES | Sent via ConnectionService.sendFile to delete a rule |
Source: SC/suredms-web-client/src/main/webapp/app/js/network/study/blinding/study-blinding-rules.js
Rule Enrichment
After loading, BlindingRulesController enriches each rule with display metadata:
| Property added | Source |
|---|---|
| status | "Active" or "Inactive" based on current state |
| modifiedDate | Formatted modification timestamp |
| modifiedByName | Display name of the last modifier |
User and Group Resolution
Rules can apply to individual users or to groups. After loading, UserGroupService resolves each userGroups entry:
| Entry type | Enrichment |
|---|---|
| User | Resolved to full user object |
| Group | Resolved to group object with type: 'group' and icon ng:user-group |
Rule Editability
A rule can be edited by the current user if:
- The current user is an admin, or
- The current user is the modifiedBy user on that rule
Filtering
The rule list supports three filter dimensions:
| Filter | Field searched |
|---|---|
| By name | Username match |
| By folder name | folderName field on the rule |
| By hideInactive | Hides rules with status === "Inactive" |