Package org.nuxeo.ecm.core.security

Class LockSecurityPolicy

  • All Implemented Interfaces:
    SecurityPolicy
    Direct Known Subclasses:
    WOPILockSecurityPolicy
    public class LockSecurityPolicy
extends AbstractSecurityPolicy
    Security policy that blocks WRITE permission on a document if it is locked by someone else.
    Author:
    Anahide Tchertchian, Florent Guillaume

    • Constructor Detail

      • LockSecurityPolicy

        public LockSecurityPolicy()

    • Method Detail

      • checkPermission

        public Access checkPermission​(Document doc,
                              ACP mergedAcp,
                              NuxeoPrincipal principal,
                              String permission,
                              String[] resolvedPermissions,
                              String[] additionalPrincipals)
        Description copied from interface: SecurityPolicy
        Checks given permission for doc and principal.

        Note that for the Browse permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.

        Parameters:
        doc - the document to check
        mergedAcp - merged ACP resolved for this document
        principal - principal to check
        permission - permission to check
        resolvedPermissions - permissions or groups of permissions containing permission
        Returns:
        access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.

      • isExpressibleInQuery

        public boolean isExpressibleInQuery​(String repositoryName)
        Description copied from interface: SecurityPolicy
        Checks if this policy can be expressed in a query for given repository.

        If not, then any query made will have to be post-filtered.

        Specified by:
        isExpressibleInQuery in interface SecurityPolicy
        Overrides:
        isExpressibleInQuery in class AbstractSecurityPolicy
        Parameters:
        repositoryName - the target repository name.
        Returns:
        true if the policy can be expressed in a query

      • setIgnorePolicy

        public static void setIgnorePolicy​(boolean ignore)
        Since:
        11.1

      • isIgnorePolicy

        public static boolean isIgnorePolicy()
        Since:
        11.1