Package org.nuxeo.ecm.core.security

Class SecurityPolicyServiceImpl

java.lang.Object
org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl
All Implemented Interfaces:
Serializable, SecurityPolicyService
public class SecurityPolicyServiceImpl extends Object implements SecurityPolicyService
Security policy service implementation.

Iterates over ordered policies. First policy to give a known access (grant or deny) applies.

Author:
Anahide Tchertchian
See Also:

  • Constructor Details

    • SecurityPolicyServiceImpl

      public SecurityPolicyServiceImpl()

  • Method Details

    • getPolicies

      public List<SecurityPolicy> getPolicies()
      Description copied from interface: SecurityPolicyService
      Gets the list of registered security policies.
      Specified by:
      getPolicies in interface SecurityPolicyService
      Returns:
      the policies

    • arePoliciesRestrictingPermission

      public boolean arePoliciesRestrictingPermission(String permission)
      Description copied from interface: SecurityPolicyService
      Checks if any policy restricts the given permission.

      If not, then no post-filtering on policies will be needed for query results.

      Specified by:
      arePoliciesRestrictingPermission in interface SecurityPolicyService
      Returns:
      true if a policy restricts the permission

    • arePoliciesExpressibleInQuery

      public boolean arePoliciesExpressibleInQuery(String repositoryName)
      Description copied from interface: SecurityPolicyService
      Checks if the policies can be expressed in a query for a given repository.

      If not, then any query made will have to be post-filtered.

      Specified by:
      arePoliciesExpressibleInQuery in interface SecurityPolicyService
      Parameters:
      repositoryName - the target repository name.
      Returns:
      true if all policies can be expressed in a query

    • getPoliciesQueryTransformers

      public Collection<SQLQuery.Transformer> getPoliciesQueryTransformers(String repositoryName)
      Description copied from interface: SecurityPolicyService
      Get the transformers to apply the policies to a query for given repository.
      Specified by:
      getPoliciesQueryTransformers in interface SecurityPolicyService
      Parameters:
      repositoryName - the target repository name.
      Returns:
      the transformers.

    • registerDescriptor

      public void registerDescriptor(SecurityPolicyDescriptor descriptor)
      Specified by:
      registerDescriptor in interface SecurityPolicyService

    • unregisterDescriptor

      public void unregisterDescriptor(SecurityPolicyDescriptor descriptor)
      Specified by:
      unregisterDescriptor in interface SecurityPolicyService

    • checkPermission

      public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
      Description copied from interface: SecurityPolicyService
      Checks given permission for doc and principal.

      The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.

      Specified by:
      checkPermission in interface SecurityPolicyService
      Parameters:
      doc - the document to check
      mergedAcp - merged acp resolved for this document
      principal - principal to check
      permission - permission to check
      resolvedPermissions - permissions or groups of permissions containing permission
      additionalPrincipals - principals (groups) to check for principal
      Returns:
      access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.