How-to guides/Security & Encryption

Check what operations are allowed on a PDF in Rust

Inspect the permission flags on any PDF before processing it. Useful for pre-flight checks in document pipelines.

rust
use pdfluent::PdfDocument;

fn main() -> pdfluent::Result<()> {
    let doc = PdfDocument::open("document.pdf")?;
    let perms = doc.permissions();

    println!("Printing allowed:     {}", perms.printing());
    println!("High-res print:       {}", perms.high_res_printing());
    println!("Text copy allowed:    {}", perms.copying());
    println!("Editing allowed:      {}", perms.editing());
    println!("Form filling allowed: {}", perms.form_filling());
    println!("Annotations allowed:  {}", perms.annotations());

    Ok(())
}
Install:cargo add pdfluentDownload SDK →

Step by step

1

Add PDFluent to Cargo.toml

Permission inspection works with or without the encryption feature. The base crate is enough.

rust
# Cargo.toml
[dependencies]
pdfluent = "0.9"
2

Open the document

For password-protected PDFs, supply the user or owner password. A user password is enough to read permission flags.

rust
use pdfluent::PdfDocument;

// Unprotected PDF
let doc = PdfDocument::open("document.pdf")?;

// Password-protected PDF
let doc = PdfDocument::open_with_password("protected.pdf", "user-password")?;
3

Read the permission flags

Call doc.permissions() to get a Permissions struct. On an unencrypted PDF all flags return true.

rust
let perms = doc.permissions();

println!("Printing:     {}", perms.printing());
println!("High-res:     {}", perms.high_res_printing());
println!("Copy:         {}", perms.copying());
println!("Edit:         {}", perms.editing());
println!("Forms:        {}", perms.form_filling());
println!("Annotations:  {}", perms.annotations());
4

Branch on specific flags in a pipeline

Use the flags to decide how to process the document downstream. For example, skip text extraction on documents that disallow copying.

rust
let perms = doc.permissions();

if !perms.copying() {
    eprintln!("Text extraction not permitted by document policy.");
    return Ok(());
}

let text = doc.extract_text()?;
println!("{}", text);
5

Check whether a document is encrypted at all

Use doc.is_encrypted() to distinguish between an unencrypted PDF (all permissions are open by default) and one that has explicit restrictions.

rust
if doc.is_encrypted() {
    println!("Document is encrypted. Checking permission flags...");
    let perms = doc.permissions();
    println!("Copy allowed: {}", perms.copying());
} else {
    println!("Document is not encrypted. All operations are allowed.");
}

Notes and tips

  • Unencrypted PDFs always return true for every permission flag.
  • Some PDF creators set permission flags without encrypting the file. PDFluent reports flags as-is from the document.
  • PDF readers are expected to enforce permissions. The flags do not prevent raw byte access to the file.

Why PDFluent for this

Pure Rust

No JVM, no runtime, no DLL dependencies. Ships as a single native binary or WASM module.

Memory safe

Rust's ownership model prevents buffer overflows and use-after-free. No segfaults in PDF parsing.

Runs anywhere

Same code runs server-side, in Docker, on AWS Lambda, on Cloudflare Workers, or in the browser via WASM.

Frequently asked questions

Download PDFluent