Interface SecurityPolicyService

  • All Superinterfaces:
    Serializable
    All Known Implementing Classes:
    SecurityPolicyServiceImpl

    public interface SecurityPolicyService
    extends Serializable
    Service checking permissions for pluggable policies.
    Author:
    Anahide Tchertchian, Florent Guillaume
    • Method Detail

      • checkPermission

        Access checkPermission(Document doc,
                               ACP mergedAcp,
                               NuxeoPrincipal principal,
                               String permission,
                               String[] resolvedPermissions,
                               String[] principalsToCheck)
        Checks the given permission for doc and principal.

        The security service asks this service for an access decision. The decision is determined by iterating over the pluggable policies in a defined order. If no policy specifies an access, the security service applies its default policy.

        Parameters:
        doc - the document to check
        mergedAcp - merged ACP resolved for this document
        principal - principal to check
        permission - permission to check
        resolvedPermissions - permissions or groups of permissions containing permission
        principalsToCheck - principals (groups) to check for principal
        Returns:
        access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.
      • arePoliciesRestrictingPermission

        boolean arePoliciesRestrictingPermission(String permission)
        Checks if any policy restricts the given permission.

        If not, then no post-filtering on policies will be needed for query results.

        Returns:
        true if a policy restricts the permission
      • arePoliciesExpressibleInQuery

        boolean arePoliciesExpressibleInQuery(String repositoryName)
        Checks if the policies can be expressed in a query for a given repository.

        If not, then any query made will have to be post-filtered.

        Parameters:
        repositoryName - the target repository name.
        Returns:
        true if all policies can be expressed in a query
      • getPoliciesQueryTransformers

        Collection<SQLQuery.Transformer> getPoliciesQueryTransformers(String repositoryName)
        Gets the transformers that apply the policies to a query for the given repository.
        Parameters:
        repositoryName - the target repository name.
        Returns:
        the transformers.
      • getPolicies

        List<SecurityPolicy> getPolicies()
        Gets the list of registered security policies.
        Returns:
        the policies
        Since:
        5.7.2
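
The chain evaluation described for checkPermission, as an added example (not Nuxeo code): a self-contained Java model in which Access, Policy, the two policies and the principal names are constructed stand-ins, and it is assumed that the first policy returning a definite answer ends the chain. It shows that the order of the policies decides the result when a granting and a denying policy both match the same request.

```java
import java.util.List;

public class PolicyChainDemo {
    // Simplified stand-in for the returned access: "true, false, or nothing".
    enum Access { GRANT, DENY, UNKNOWN }

    // Hypothetical, reduced policy signature (the real one takes doc, ACP, principal, ...).
    interface Policy {
        Access check(String principal, String permission, String lifecycleState);
    }

    // Constructed policy: nobody may write to an archived document.
    static final Policy ARCHIVE_LOCK = (user, perm, state) ->
            "Write".equals(perm) && "archived".equals(state) ? Access.DENY : Access.UNKNOWN;

    // Constructed policy: the records manager may do anything.
    static final Policy RECORDS_MANAGER = (user, perm, state) ->
            "rm-alice".equals(user) ? Access.GRANT : Access.UNKNOWN;

    // Iterate in order; the first definite answer ends the chain.
    static Access checkPolicies(List<Policy> ordered, String user, String perm, String state) {
        for (Policy p : ordered) {
            Access a = p.check(user, perm, state);
            if (a != null && a != Access.UNKNOWN) {
                return a;
            }
        }
        return Access.UNKNOWN; // no policy had an opinion
    }

    // Default security is modelled as a precomputed ACL result (aclGrants).
    static boolean decide(List<Policy> ordered, String user, String perm, String state,
                          boolean aclGrants) {
        Access a = checkPolicies(ordered, user, perm, state);
        return a == Access.UNKNOWN ? aclGrants : a == Access.GRANT;
    }

    public static void main(String[] args) {
        List<Policy> lockFirst = List.of(ARCHIVE_LOCK, RECORDS_MANAGER);
        List<Policy> managerFirst = List.of(RECORDS_MANAGER, ARCHIVE_LOCK);
        // Same policies and same request; only the order differs.
        System.out.println("lock first:    " + decide(lockFirst, "rm-alice", "Write", "archived", true));
        System.out.println("manager first: " + decide(managerFirst, "rm-alice", "Write", "archived", true));
        // No policy answers, so the ACL result is used unchanged.
        System.out.println("fallback:      " + decide(lockFirst, "bob", "Read", "project", true));
    }
}
```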