Class WOPILockSecurityPolicy

  • All Implemented Interfaces:
    SecurityPolicy

    public class WOPILockSecurityPolicy
    extends LockSecurityPolicy
    Security policy to allow collaborative edition with WOPI.

    See Co-authoring using Office Online.

    Unlike the standard LockSecurityPolicy, even if the document is locked by someone else, the WRITE permission is not blocked if a WOPI lock exists for the document and the request originated from a WOPI client.

    This handles the case of multiple users editing a document at the same time in Office Online, which is considered by the Nuxeo WOPI host as a single WOPI client.

    Since:
    10.3
    • Constructor Detail

      • WOPILockSecurityPolicy

        public WOPILockSecurityPolicy()
    • Method Detail

      • checkPermission

        public Access checkPermission​(Document doc,
                                      ACP mergedAcp,
                                      NuxeoPrincipal principal,
                                      String permission,
                                      String[] resolvedPermissions,
                                      String[] additionalPrincipals)
        Description copied from interface: SecurityPolicy
        Checks given permission for doc and principal.

        Note that for the Browse permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.

        Specified by:
        checkPermission in interface SecurityPolicy
        Overrides:
        checkPermission in class LockSecurityPolicy
        Parameters:
        doc - the document to check
        mergedAcp - merged ACP resolved for this document
        principal - principal to check
        permission - permission to check
        resolvedPermissions - permissions or groups of permissions containing permission
        Returns:
        access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.