Package org.nuxeo.ecm.core.security
Class CheckInSecurityPolicy
java.lang.Object
org.nuxeo.ecm.core.security.AbstractSecurityPolicy
org.nuxeo.ecm.core.security.CheckInSecurityPolicy
- All Implemented Interfaces:
SecurityPolicy
Security policy that denies write access on a live document when it is in the checked-in state.
The document must be checked out before modification is allowed.
- Since:
- 5.4
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncheckPermission
(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Checks given permission for doc and principal.getQueryTransformer
(String repositoryName) Get the transformer to use to apply this policy to a query.boolean
isExpressibleInQuery
(String repositoryName) Checks if this policy can be expressed in a query for given repository.boolean
isRestrictingPermission
(String permission) Checks if this policy is restricting the given permission.Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy
getQueryTransformer, isExpressibleInQuery
-
Constructor Details
-
CheckInSecurityPolicy
public CheckInSecurityPolicy()
-
-
Method Details
-
checkPermission
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Description copied from interface:SecurityPolicy
Checks given permission for doc and principal.Note that for the
Browse
permission, which is also implemented in SQL usingSecurityPolicy.getQueryTransformer(java.lang.String)
, a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.- Parameters:
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions containing permission- Returns:
- access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.
-
isRestrictingPermission
Description copied from interface:SecurityPolicy
Checks if this policy is restricting the given permission.Queries check the BROWSE permission.
- Specified by:
isRestrictingPermission
in interfaceSecurityPolicy
- Overrides:
isRestrictingPermission
in classAbstractSecurityPolicy
- Parameters:
permission
- the permission to check for- Returns:
true
if the policy restricts the permission
-
isExpressibleInQuery
Description copied from interface:SecurityPolicy
Checks if this policy can be expressed in a query for given repository.If not, then any query made will have to be post-filtered.
- Specified by:
isExpressibleInQuery
in interfaceSecurityPolicy
- Overrides:
isExpressibleInQuery
in classAbstractSecurityPolicy
- Parameters:
repositoryName
- the target repository name.- Returns:
true
if the policy can be expressed in a query
-
getQueryTransformer
Description copied from interface:SecurityPolicy
Get the transformer to use to apply this policy to a query.Called only when
SecurityPolicy.isExpressibleInQuery(String)
returnedtrue
- Specified by:
getQueryTransformer
in interfaceSecurityPolicy
- Overrides:
getQueryTransformer
in classAbstractSecurityPolicy
- Parameters:
repositoryName
- the target repository name.- Returns:
- the transformer
-