org.nuxeo.ecm.core.security

Class CheckInSecurityPolicy

java.lang.Object

org.nuxeo.ecm.core.security.AbstractSecurityPolicy

org.nuxeo.ecm.core.security.CheckInSecurityPolicy

All Implemented Interfaces:

SecurityPolicy

public class CheckInSecurityPolicy
extends AbstractSecurityPolicy

Security policy that denies write access on a live document when it is in the checked-in state.

The document must be checked out before modification is allowed.

Since:

5.4

Nested Class Summary

Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy

SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer

Constructor Summary

Constructors

Constructor and Description
CheckInSecurityPolicy()

Method Summary

Modifier and Type	Method and Description
Access	checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Checks given permission for doc and principal.
SQLQuery.Transformer	getQueryTransformer(String repositoryName) Get the transformer to use to apply this policy to a query.
boolean	isExpressibleInQuery(String repositoryName) Checks if this policy can be expressed in a query for given repository.
boolean	isRestrictingPermission(String permission) Checks if this policy is restricting the given permission.

Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy

getQueryTransformer, isExpressibleInQuery

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CheckInSecurityPolicy

public CheckInSecurityPolicy()

Method Detail

checkPermission

public Access checkPermission(Document doc,
                              ACP mergedAcp,
                              NuxeoPrincipal principal,
                              String permission,
                              String[] resolvedPermissions,
                              String[] additionalPrincipals)

Description copied from interface: SecurityPolicy

Checks given permission for doc and principal.

Note that for the Browse permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.

Parameters:

doc - the document to check

mergedAcp - merged ACP resolved for this document

principal - principal to check

permission - permission to check

resolvedPermissions - permissions or groups of permissions containing permission

Returns:

access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.

isRestrictingPermission

public boolean isRestrictingPermission(String permission)

Description copied from interface: SecurityPolicy

Checks if this policy is restricting the given permission.

Queries check the BROWSE permission.

Specified by:

isRestrictingPermission in interface SecurityPolicy

Overrides:

isRestrictingPermission in class AbstractSecurityPolicy

Parameters:

permission - the permission to check for

Returns:

true if the policy restricts the permission

isExpressibleInQuery

public boolean isExpressibleInQuery(String repositoryName)

Description copied from interface: SecurityPolicy

Checks if this policy can be expressed in a query for given repository.

If not, then any query made will have to be post-filtered.

Specified by:

isExpressibleInQuery in interface SecurityPolicy

Overrides:

isExpressibleInQuery in class AbstractSecurityPolicy

Parameters:

repositoryName - the target repository name.

Returns:

true if the policy can be expressed in a query

getQueryTransformer

public SQLQuery.Transformer getQueryTransformer(String repositoryName)

Description copied from interface: SecurityPolicy

Get the transformer to use to apply this policy to a query.

Called only when #isExpressibleInQuery() returned true

Specified by:

getQueryTransformer in interface SecurityPolicy

Overrides:

getQueryTransformer in class AbstractSecurityPolicy

Parameters:

repositoryName - the target repository name.

Returns:

the transformer