Package org.nuxeo.ecm.core.security
Class RetentionAndHoldSecurityPolicy
- java.lang.Object
-
- org.nuxeo.ecm.core.security.AbstractSecurityPolicy
-
- org.nuxeo.ecm.core.security.RetentionAndHoldSecurityPolicy
-
- All Implemented Interfaces:
SecurityPolicy
public class RetentionAndHoldSecurityPolicy extends AbstractSecurityPolicy
Security policy that prevents deletion of a document when it is under retention or has a legal hold.- Since:
- 11.1
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
-
-
Constructor Summary
Constructors Constructor Description RetentionAndHoldSecurityPolicy()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AccesscheckPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)Checks given permission for doc and principal.SQLQuery.TransformergetQueryTransformer(String repositoryName)Get the transformer to use to apply this policy to a query.booleanisExpressibleInQuery(String repositoryName)Checks if this policy can be expressed in a query for given repository.booleanisRestrictingPermission(String permission)Checks if this policy is restricting the given permission.-
Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy
getQueryTransformer, isExpressibleInQuery
-
-
-
-
Method Detail
-
checkPermission
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
Description copied from interface:SecurityPolicyChecks given permission for doc and principal.Note that for the
Browsepermission, which is also implemented in SQL usingSecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.- Parameters:
doc- the document to checkmergedAcp- merged ACP resolved for this documentprincipal- principal to checkpermission- permission to checkresolvedPermissions- permissions or groups of permissions containing permission- Returns:
- access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.
-
isRestrictingPermission
public boolean isRestrictingPermission(String permission)
Description copied from interface:SecurityPolicyChecks if this policy is restricting the given permission.Queries check the BROWSE permission.
- Specified by:
isRestrictingPermissionin interfaceSecurityPolicy- Overrides:
isRestrictingPermissionin classAbstractSecurityPolicy- Parameters:
permission- the permission to check for- Returns:
trueif the policy restricts the permission
-
isExpressibleInQuery
public boolean isExpressibleInQuery(String repositoryName)
Description copied from interface:SecurityPolicyChecks if this policy can be expressed in a query for given repository.If not, then any query made will have to be post-filtered.
- Specified by:
isExpressibleInQueryin interfaceSecurityPolicy- Overrides:
isExpressibleInQueryin classAbstractSecurityPolicy- Parameters:
repositoryName- the target repository name.- Returns:
trueif the policy can be expressed in a query
-
getQueryTransformer
public SQLQuery.Transformer getQueryTransformer(String repositoryName)
Description copied from interface:SecurityPolicyGet the transformer to use to apply this policy to a query.Called only when
SecurityPolicy.isExpressibleInQuery(String)returnedtrue- Specified by:
getQueryTransformerin interfaceSecurityPolicy- Overrides:
getQueryTransformerin classAbstractSecurityPolicy- Parameters:
repositoryName- the target repository name.- Returns:
- the transformer
-
-