Package org.nuxeo.ecm.core.security

Class SecurityPolicyServiceImpl

    • Constructor Detail

      • SecurityPolicyServiceImpl

        public SecurityPolicyServiceImpl()

    • Method Detail

      • arePoliciesRestrictingPermission

        public boolean arePoliciesRestrictingPermission​(String permission)
        Description copied from interface: SecurityPolicyService
        Checks if any policy restricts the given permission.

        If not, then no post-filtering on policies will be needed for query results.

        Specified by:
        arePoliciesRestrictingPermission in interface SecurityPolicyService
        Returns:
        true if a policy restricts the permission

      • arePoliciesExpressibleInQuery

        public boolean arePoliciesExpressibleInQuery​(String repositoryName)
        Description copied from interface: SecurityPolicyService
        Checks if the policies can be expressed in a query for a given repository.

        If not, then any query made will have to be post-filtered.

        Specified by:
        arePoliciesExpressibleInQuery in interface SecurityPolicyService
        Parameters:
        repositoryName - the target repository name.
        Returns:
        true if all policies can be expressed in a query

      • checkPermission

        public Access checkPermission​(Document doc,
                              ACP mergedAcp,
                              NuxeoPrincipal principal,
                              String permission,
                              String[] resolvedPermissions,
                              String[] additionalPrincipals)
        Description copied from interface: SecurityPolicyService
        Checks given permission for doc and principal.

        The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.

        Specified by:
        checkPermission in interface SecurityPolicyService
        Parameters:
        doc - the document to check
        mergedAcp - merged acp resolved for this document
        principal - principal to check
        permission - permission to check
        resolvedPermissions - permissions or groups of permissions containing permission
        additionalPrincipals - principals (groups) to check for principal
        Returns:
        access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.