Package org.nuxeo.ecm.core.security
Interface SecurityPolicyService
All Superinterfaces:
Serializable
All Known Implementing Classes:
SecurityPolicyServiceImpl
public interface SecurityPolicyService extends Serializable
Service checking permissions for pluggable policies.
Author:
Anahide Tchertchian, Florent Guillaume
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| boolean | arePoliciesExpressibleInQuery(String repositoryName) | Checks if the policies can be expressed in a query for a given repository. |
| boolean | arePoliciesRestrictingPermission(String permission) | Checks if any policy restricts the given permission. |
| Access | checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] principalsToCheck) | Checks given permission for doc and principal. |
| List<SecurityPolicy> | getPolicies() | Gets the list of registered security policies. |
| Collection<SQLQuery.Transformer> | getPoliciesQueryTransformers(String repositoryName) | Get the transformers to apply the policies to a query for given repository. |
| void | registerDescriptor(SecurityPolicyDescriptor descriptor) | |
| void | unregisterDescriptor(SecurityPolicyDescriptor descriptor) | |
Method Detail
checkPermission
Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] principalsToCheck)
Checks the given permission for the document and principal. The security service asks this service for an access decision. That decision is determined by iterating over the pluggable policies in a defined order. If no access is specified, the security service applies its default policy.
Parameters:
doc - the document to check
mergedAcp - merged ACP resolved for this document
principal - principal to check
permission - permission to check
resolvedPermissions - permissions or groups of permissions containing permission
principalsToCheck - principals (groups) to check for principal
Returns:
access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.
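The chaining described for checkPermission, as an added example that is not Nuxeo's own code: a self-contained Java model that shows a policy deciding, a policy abstaining, and the fallback to default security. The types and names used here (Access, Policy, defaultAclCheck, the string document state) are hypothetical stand-ins, and the model assumes the first policy returning a definite answer ends the iteration.

```java
import java.util.Arrays;
import java.util.List;

public class PolicyChainDemo {
    // Tri-state result: the page's "true, false, or nothing".
    enum Access { GRANT, DENY, UNKNOWN }

    // Hypothetical, simplified policy; the real method also receives the document,
    // merged ACP, resolved permissions and principals to check.
    interface Policy { Access check(String principal, String docState, String permission); }

    // Ask each policy in its defined order. UNKNOWN (or null) defers to the next
    // policy; assumption: the first definite answer ends the iteration.
    static Access checkPermission(List<Policy> ordered, String principal,
                                  String docState, String permission) {
        for (Policy policy : ordered) {
            Access access = policy.check(principal, docState, permission);
            if (access != null && access != Access.UNKNOWN) {
                return access;
            }
        }
        return Access.UNKNOWN;
    }

    // Constructed stand-in for default core security (the ACL evaluation).
    static boolean defaultAclCheck(String principal, String permission) {
        return "alice".equals(principal) && "Read".equals(permission);
    }

    // Caller side: an UNKNOWN from the chain falls back to the default check.
    static boolean isAllowed(List<Policy> ordered, String principal,
                             String docState, String permission) {
        Access access = checkPermission(ordered, principal, docState, permission);
        return access == Access.UNKNOWN
                ? defaultAclCheck(principal, permission)
                : access == Access.GRANT;
    }

    public static void main(String[] args) {
        // Constructed policies: one denies Write on locked documents, one abstains.
        Policy lockPolicy = (who, state, perm) ->
                "locked".equals(state) && "Write".equals(perm) ? Access.DENY : Access.UNKNOWN;
        Policy abstain = (who, state, perm) -> Access.UNKNOWN;
        List<Policy> chain = Arrays.asList(lockPolicy, abstain);
        System.out.println(isAllowed(chain, "alice", "locked", "Write")); // decided by lockPolicy
        System.out.println(isAllowed(chain, "alice", "draft", "Read"));   // decided by default check
        System.out.println(isAllowed(chain, "bob", "draft", "Read"));     // decided by default check
    }
}
```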
registerDescriptor
void registerDescriptor(SecurityPolicyDescriptor descriptor)
unregisterDescriptor
void unregisterDescriptor(SecurityPolicyDescriptor descriptor)
arePoliciesRestrictingPermission
boolean arePoliciesRestrictingPermission(String permission)
Checks if any policy restricts the given permission. If not, then no post-filtering on policies will be needed for query results.
Returns:
true if a policy restricts the permission
arePoliciesExpressibleInQuery
boolean arePoliciesExpressibleInQuery(String repositoryName)
Checks if the policies can be expressed in a query for a given repository. If not, then any query made will have to be post-filtered.
Parameters:
repositoryName - the target repository name.
Returns:
true if all policies can be expressed in a query
getPoliciesQueryTransformers
Collection<SQLQuery.Transformer> getPoliciesQueryTransformers(String repositoryName)
Get the transformers to apply the policies to a query for given repository.
Parameters:
repositoryName - the target repository name.
Returns:
the transformers.
getPolicies
List<SecurityPolicy> getPolicies()
Gets the list of registered security policies.
Returns:
the policies
Since:
5.7.2